Threat Criteria and Matrix
Threat criteria exists in 3×3, 4×4 and 5×5 matrix configurations, which should accommodate the bulk of applications. This criteria is associated with human derived attributes of ‘capability’ and ‘intent’ and users can adjust all aspects of the tables (including labels/ratings. colouring etc.)
Within each assessment, this criteria is able to be viewed by clicking the “Show Criteria” button at top right of screen.
Threat criteria also includes a ‘Threat Tolerance’ setting that allows users to define which Threat Acts automatically create associated risks in the Risk Register. For example, if the tolerance is set to MEDIUM, only those Threat Acts that are rated at or above MEDIUM will cause a risk to be created within the Risk Register (ordinarily, and if set to its lowest level, all Threat Acts will cause a risk to be created).
The purpose of this is to enable assessors to maintain a focus on threats/risks that are most significant, while keeping a record of all threats for future review. Should a Threat Act rating be increased at any time in the future, it will then create a risk that must be addressed….true risk management in practice!