Attack Trees are a good way to move threat scenarios from the realm of art to the realm of science. Popularized by Bruce Schneier, Attack Trees can be used to map out the various components of a threat scenario (the Vulnerabilities and the Threat sources) and organize them into a more easily understood structure. For further background you may want to review:
Attack Trees can be adapted to assist in completing the Threat Scenarios in the Simple Risk Model assessment Tool.
Please refer to a mock-up of a Simple Risk Model Attack Tree form that can be used as part of Threat Scenario reviews.
Note: Attack Trees provide a systematic way to compare existing Threat sources with Vulnerabilities to identify the most likely exploits that Threats would use. Since Attack Trees do not include the Cost side of the risk equation, they should not be relied upon as a single source for a comprehensive risk analysis.
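The comparison described above can be sketched in code. This is an added example, not part of the Simple Risk Model tool or its Attack Tree form: it scores a small constructed tree and ranks the branches by likelihood. The node names, the 0 to 1 scores, the rule that a leaf's likelihood is the Threat score times the Vulnerability score, and the independence of AND steps are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "LEAF"      # "OR" (any child suffices), "AND" (all children needed) or "LEAF"
    children: list = field(default_factory=list)
    threat: float = 0.0     # LEAF only: assumed chance a threat source attempts this step
    vuln: float = 0.0       # LEAF only: assumed chance the attempt gets past current controls

def evaluate(node):
    """Return (likelihood, leaf steps on the most likely path) for this node."""
    if node.kind == "LEAF":
        return node.threat * node.vuln, [node.name]
    results = [evaluate(child) for child in node.children]
    if node.kind == "OR":   # the threat source picks the easiest branch
        return max(results, key=lambda r: r[0])
    if node.kind == "AND":  # every step must succeed; steps assumed independent
        likelihood, path = 1.0, []
        for p, steps in results:
            likelihood *= p
            path += steps
        return likelihood, path
    raise ValueError(f"unknown node kind: {node.kind!r}")

def rank(root):
    """Rank the root's branches from most to least likely."""
    scored = [(child.name, evaluate(child)[0]) for child in root.children]
    return sorted(scored, key=lambda item: item[1], reverse=True)

# Constructed sample tree; every name and score below is illustrative.
TREE = Node("Read customer records", "OR", [
    Node("Use stolen staff credentials", "AND", [
        Node("Phish a staff member", threat=0.8, vuln=0.5),
        Node("Log in without a second factor", threat=1.0, vuln=0.9),
    ]),
    Node("Exploit unpatched web server", threat=0.6, vuln=0.3),
    Node("Insider copies the database", threat=0.1, vuln=0.9),
])

if __name__ == "__main__":
    likelihood, path = evaluate(TREE)
    print(f"Most likely scenario ({likelihood:.2f}): {' -> '.join(path)}")
    for name, score in rank(TREE):
        print(f"  {score:.2f}  {name}")
```

The ranking covers likelihood only; the Cost side of the risk equation still has to come from the rest of the assessment.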
Once the Threat Scenarios are complete, you will have prioritized your controls (which ones are key?) and determined whether the existing controls are effective and efficient and what additional controls are required. The next step is to move from the Assess phase to reviewing and implementing those controls.
©2009 ISRMC, LLC