Not logged in - Login
View History

Organisation Threats

What are threats and threat types?

Threat types are collections of threats which are interrelated. A threat is a potential risk that has a given likelihood of causing an impact to an organisation. To ensure a consistent approach, threats are considered at an organisation level, and risk assessments that take place must use this list. To view organisational threats, click on “RA Setup” from the main organisation homepage, then select “Organisation Threats”.

Threat Types

Adding new threat types

New threat types can be added by clicking on the “New Threat Type” link in the sidebar. Threat types are placeholders to group together threats and therefore only require a name.

Deleting threat types

Threat types can only be deleted when there are no threats attached to them. Click on a threat type that needs to be deleted and click “Delete Threat Type” from the left hand sidebar.
Warning: As a threat type can only be deleted when no threats exist, this is a firm delete operation.

Adding new threats

New threats can be added by clicking on the “New Threat” link in the sidebar. As well as name, description and threat type, other attributes exist that need to be defined. These are described below.
  • Threat Reference - This is an organisation defined reference for the threat, this is not a default but it is recommended that a logical naming scheme is used.
  • Duration Flag - Some threats could cause an impact more because they affect a resource for a time period that actually has a direct impact. For example, within an office based business, a power cut might cause very little direct impact but would render an office unusable. The impact can then be derived from the impact that was assessed during the BIA.

Threat to resource mapping

Different threats only affect certain types of resources. For each threat that is entered into Abriska, it must be linked to each of the default resource types. To access this list, click on the “Link Threats to Resources” from the threat list sidebar. For each of the default resource categories (People, Premises etc.), a tick or cross will be shown against each threat. To edit this mapping, click on the category name at the top (Equipment, Information etc.) and a form listing organisation threats will be displayed. Tick the checkboxes next to the required threats and “Submit”.
Warning: This will delete the existing mapping and could therefore affect any risk assessment that has already been conducted. This is a firm delete operation.

Resource threat linking hierarchy

To allow an additional level of granularity to be added to this relationship, individual resources or resource sub-categories can have a customised threat linking. From the “Resource Threat Linking” page, click on the “Resource Hierarchy View”. If a resource is modified to have a unique threat mapping, any child resource of that resource will inherit the parent’s customised mapping.

Threat to control mapping

If a risk assessment is being used in conjunction with the control maturity assessment, each threat needs to be linked through to one or more controls. This mapping indicates that the chosen control helps to mitigate a threat by reducing its vulnerability. If no controls are linked to a threat, an error will be highlighted in red.

Threat attributes

If the impact variable is set up to calculate risk against the organisation attributes (i.e. Confidentiality, Integrity and Availability) then the default values can be assigned at an organisation level. If values are assigned at this level, these will become default for each Assessment risk assessment unless specified at a division level.


Back to RA Setup