Execution Mode visibility:

  • Pioneer: Visible
  • Expert: Visible
  • Simplified: Visible
  • Management: Hidden
  • Business: Hidden

The Threat Event List is the list of all Threat Events and related Mitigations defined in the Threat Model. It is available from the Home ribbon.

The Home ribbon.

It can be used to assign Mitigations to Threat Events and to review them. It is one of the main tools for the Mitigation phase of the Threat Modeling process, and is one of the reasons why Threat Modeling with Threats Manager Platform is more efficient than using most of the other tools currently available.

The Threat Event List shows three levels:

  • The first level is represented by the Threat Types. While this list focuses on the Threat Events, it is most useful to group them by the reference Threat Type, because this allows you to calibrate all the severities and mitigations.
  • The second level is represented by the Threat Events.
  • The third level is represented by the Mitigations, which here are represented by the Threat Event Mitigations or by the Scenarios.

The Threat Event List ribbon.

The Threat Event List ribbon lets you:

  • Add a new Mitigation to the selected Threat Event: when you click the aptly named button, the Mitigation association dialog is shown. See below for details.
  • Add a new Scenario to the selected Threat Event: when you click the aptly named button, the Scenario association dialog is shown. See below for details.
    Please note that Scenario management is available only in Pioneer and Expert Execution mode.
  • Remove one or more of the Mitigations selected in the list.
  • Remove one or more of the Scenarios selected in the list.
    Please note that Scenario management is available only in Pioneer and Expert Execution mode.
  • Full Expand the tree.
  • Expand to Threat Events, which expands only the first level of the tree.
  • Expand Branch, which expands the current node and all sub-nodes.
  • Collapse All nodes to the Threat Types.
  • Refresh the list, using the aptly named button.

Right below the ribbon are the filters: you can filter the Threat Events by the text they contain, and you can also apply a Special Filter, which identifies Threat Events of particular interest:

  • Threat Events without any Mitigation.
  • Threat Events with different names or description than the respective Threat Type.
  • Threat Events with different severity than the respective Threat Type.
  • Threat Events with same severity than the respective Threat Type.

All those filters are pretty self-explanatory.

Tips & Tricks
The severity of a Threat Event may differ from the severity of the originating Threat Type. This may happen for different reasons, including the fact that the Threat applies to sensitive data or because of existing mitigations. For this reason, it may be useful to identify situations where the severity has not changed or where it has changed, using the Special Filters named Threat Events with different severity than the respective Threat Type and Threat Events with same severity than the respective Threat Type.

The Mitigation association dialog

The Mitigation association dialog allows you to select a Mitigation to be associated with a Threat Event.

It allows you to associate a Standard Mitigation, which is a Mitigation that has been linked to the related Threat Type.

It is also possible to associate a non-standard Mitigation, which is a known Mitigation that has not yet been linked to the Threat Type. When you do that, you can opt to make the Mitigation Standard, using the related check box; it is checked by default.

Finally, you can create a new Mitigation, specifying its Name, optionally a Description, and its Control Type. Again, you can opt to make the new Mitigation a Standard one for the Threat Type. This option is enabled by default.

The Mitigation association dialog.

On the right side of the dialog, you can see three parameters that are available regardless of the selected Mitigation:

  • Strength, which allows you to specify the effectiveness of the Mitigation for the Threat Event. When you select the Mitigation, it shows the standard effectiveness, derived from the Threat Event Mitigation.
  • The Mitigation Status, which allows you to specify whether the Mitigation already exists or not. Do not use the Undefined status, because it may cause the Mitigation to be missing from some parts of Reports.
  • Directives, which allow you to specify additional recommendations that apply to the Threat Event Mitigation.

For details, please refer to the page on Mitigations.