Template 8: Threat Risk Assessment
Document History
Table of Contents
[Provides a high-level summary of the threat assessment, including why it was performed, key findings, and any conclusions or recommendations to be made. Delete this comment once completed.]
[Statements justifying the final and overall risk score of the threat modeling exercise. Delete this comment once completed.]
[Explanation of the stages, phases, steps, and processes used throughout the threat modeling exercise. Delete this comment once completed.]
[Identifies circumstances and/or outcomes that have been taken for granted. Delete this comment once completed.]
Figure T8.1 Threat tree workflow.
[Documents the details of each threat as they relate to the security principle it affects. Delete this comment once completed.]
Unauthorized viewing or disclosure of information that compromises privacy and/or secrecy.
Unauthorized additions, changes or deletions that affect the completeness, accuracy, authenticity, timeliness or currency of data or information.
Interruptions in service that lead to loss of service for a longer period of time than is acceptable, loss of a portion of expected functionality, degradation of response time to an unacceptable level, missed delivery deadlines for required reports or loss of use of resources (even though related software is functioning).
Major interruption of facilities, such that a loss of processing capability is experienced that will last for an unacceptable period of time.
Proper identification of users and process requesting access into objects and assets.
Explicitly granting permissions to users or processes in order to read, write, or execute target information or processes.
Assurance that a user or process cannot deny the read, write, or execute access into target information or systems.
