As part of creating a Risk Assessment, you need to identify threats and add them to it. This can be done in two ways: (1) import suggested threats based on your Risk Assessment, or (2) create threats on your own. Both ways are described in this article.
Suggested Threats
Please note that this is only possible if it has been set up by an administrator on the Organizations page. For more information, check out this article. If your organization has enabled AI Threat Suggestion, this part might look different. For more information on this, check out this article.
Click on the suggested threats button. You will see a list of pre-defined threats from the threats template.
Deselect the ones you find irrelevant by clicking on the checkboxes.
Click import to add the threats to your risk assessment.
Afterward, click on each threat to assess the likelihood and consequence and/or edit information about the threat.
Click on save.
Likelihood and consequence
Note that the likelihood and consequence part of a Risk Assessment can look different for some users, depending on the choice of the individual organization. Your organization can choose to either have one consequence, or divide it into three parts: human, operations and reputation.
Human - the consequences it would have on people.
Operations - the consequences it would have for your company’s operations.
Reputation - the consequences it would have for your company’s reputation.
The likelihood and consequence levels range from 1-5. On this heat matrix, you will get a better idea of what each of the numbers from 1-5 represents. You can also see what the different colors represent.
Mandatory threats
When a mandatory threat is available for your Risk Assessment, a symbol indicating the number of mandatory threats available for the respective Risk Assessment will be displayed beside the suggested threats button.
Clicking the "Suggested Threat" button will reveal a list of threats that match your Risk Assessment. The mandatory threats will be marked with an exclamation mark next to the checkbox. Additionally, the checkbox for mandatory threats will be disabled, preventing it from being unchecked.
Create threats
You have the option of creating your own threats as part of a Risk Assessment. This can be done as a way to supplement the suggested threats because you feel something is missing, or it can be the way your organization has decided to do Risk Assessments. To create your own threat, follow the instructions below:
Click on the Create threat button.
Fill out the information regarding the threat manually and assess the likelihood and consequence.
Click on save.
Threat Level, Risk Level and Residual Risk Level
Threat Level - a result of likelihood multiplied by consequence.
Risk Level - the mitigated risk with the treatments that are "implemented". This level shows how the threat is at present, now that some treatments have been implemented.
Residual Risk Level - a result of the treatments that are "in progress" and "not implemented". This level shows how the threat will be in the future, with the treatments that have deadlines in the future.
Both the Risk Level and the Residual Risk Level are results of how well treatments affect the risk (their risk-reducing effect): implemented treatments for the Risk Level, and not implemented treatments for the Residual Risk Level.
What's next?
Once you have added your threats, the next step is to add treatments to your Risk Assessment to mitigate the threats identified.