![Page 1: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/1.jpg)
SECURITY RISK ASSESSMENTWITH
Paul Mercer – Security Risk Consultant
![Page 2: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/2.jpg)
Part 1 – An intro to SRA – 15 minsPart 2 – Security Risk Assessment
Methodology – 1 hrPart 3 – What is HawkSight? - 15 minsPart 4 – Security Threat Analysis using
HawkSight – 1 hr
![Page 3: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/3.jpg)
PART 1 AN INTRODUCTION TO SECURITY
RISK ASSESSMENT
![Page 4: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/4.jpg)
WHAT IS A SECURITY RISK ASSESSMENT (SRA)?
A Security Risk Assessment offers a structured means of
determining the Threats to, and
Vulnerabilities of an Organisation, Community or
Individual” SRMBOK:2008
![Page 5: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/5.jpg)
WHY DO WE NEED TO CONDUCT A SRA?
To reduce uncertainty…. “A risk based approach to
security ensures improved corporate governance and transparency of decision making through managing risk that threaten the on-going sustainability of the organisation” AS/NZ 4360:2004
“To shape operational activities and optimise the allocation of resources” SRMBOK:2008
![Page 6: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/6.jpg)
HOW DO WE CONDUCT A SRA?Security Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 7: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/7.jpg)
PART 2SECURITY RISK ASSESSMENT METHODOLOGY
![Page 8: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/8.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 9: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/9.jpg)
WHY?
“To gain an understanding of what our client does and how they do it in order we can recommend security
controls that match the needs of the client, the physical and regulatory
environment in which they operate, as well as meeting international
standards and best practice”
![Page 10: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/10.jpg)
STRATEGIC CONTEXT
“Allows us to “gain an understanding of the external environment in which the
organisation is operating or may be operating [in the future in order to] identify any factors that may have an effect on the organisation or the way it does business”
HB 167:2006
![Page 11: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/11.jpg)
OPERATIONAL CONTEXT
“To agree an understanding of the organisation itself, and any issues that may influence its exposure to security risk or the
activities undertaken to manage them. In other words, what do they do and how do
they do it.”
![Page 12: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/12.jpg)
PROJECT CONTEXT - CONSEQUENCE?“The consequences of any security event are assessed
with reference to the potential damage to the client should the Risk occur and may be defined in terms of
effect on the achievement of client’s objectives, or possible impact on meeting defined business, financial,
management, operational, safety, security and environmental requirements, in terms of the legal and
regulatory framework or impact to reputation” “In analysis the consequence against likelihood the
approach adopted for security risks in this assessment reflects international best practice (HB 167) and is to
take the most probable worst case scenario”
![Page 13: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/13.jpg)
PROJECT CONTEXT – SECURITY RISK MANAGEMENT (SRM)
How does the client currently manage Security Risk?
How do they Identify, Assess, Evaluate and Treat Security related Risk?
Understanding the Security Risk Management Context provides the scope, parameters and plan for undertaking the
proposed Security Risk activities.
![Page 14: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/14.jpg)
SRM – RISK TOLERANCE
Editing the Risk Matrix Edited Matrix Showing Greater Risk Tolerance
![Page 15: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/15.jpg)
SRM - RISK RESPONSE LEVELS
![Page 16: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/16.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 17: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/17.jpg)
VULNERABILITY ASSESSMENT – TARGET ATTRACTIVENESS
![Page 18: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/18.jpg)
VULNERABILITY ASSESSMENT – CONTROL LEVEL EFFECTIVENESS
What are Security Controls?
“Process, Policy, Device or other action that acts to minimise negative risk or enhance positive
opportunities”
AS/NZ4360:2004 Risk Management Standard p 342
![Page 19: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/19.jpg)
SECURITY CONTROL TRIANGLE
Policy & Procedure
Physical &
Manpower Technology
![Page 20: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/20.jpg)
VULNERABILITY ASSESSMENT – BUSINESS RESILIENCE
“Business Resilience, or Post Incident Vulnerability (V2), is the robustness and ability of the asset, facility or system to
withstand attack and / or maintain service in the event of damage or disruption”
![Page 21: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/21.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 22: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/22.jpg)
WHAT IS A CRITICAL ASSET ASSESSMENT?
“The Criticality Assessment attempts to prioritise organisational infrastructure, asset or elements by
relative importance or dependence on that element”
SRMBOK2008. p 154
![Page 23: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/23.jpg)
WHAT ARE CRITICAL ASSETS?
Critical Assets are characterised as:
People Physical Property Information Information &
Communication Technologies (ICT)
![Page 24: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/24.jpg)
HOW CAN WE DEFINE PROJECT ASSETS?
3 Steps:1. Gain an overall understanding of what
the project objectives2. Breakdown the processes involved in
achieving these objectives (Process Mapping)
3. Identify the People, Physical Property, Information and ICT that are needed to support these objectives
![Page 25: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/25.jpg)
ESTABLISHING CRITICALITY
We must consider the impact of the loss of functionality of the asset and the associated impact on the relevant process. Loss of the asset is assessed in terms of: Cessation of critical process Short term recovery capability Serious or prolonged reputation
damage
![Page 26: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/26.jpg)
ESTABLISHING CRITICALITY
Criticality is Assessed as:
Extreme High
SignificantModerate
Low
![Page 27: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/27.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 28: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/28.jpg)
UNDERSTANDING SECURITY RISK AND SECURITY THREAT
Security Threat is defined as any Threat originating from both a human and natural or non-human source that might negatively affect the sentiment of security and quality of life of individuals, and the interests and choices available to organizations and governments.
Security Risk is defined as the effect of disruption on the objectives caused by risks originating from Security Threats identified.
![Page 29: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/29.jpg)
SECURITY THREAT SOURCE
The Source of a Security Threat is defined as is the
origin at which the Threat emanates be
that a human or non human source
which may be external or internal to the project under
review.
![Page 30: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/30.jpg)
ASSIGNING CONSEQUENCE OF A THREAT TO AN ASSET
![Page 31: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/31.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 32: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/32.jpg)
WHAT IS SECURITY RISK ANALYSIS?
Defining the Impact and Likelihood of each relevant Threat against each Critical Asset defines the
Security Risk Level
![Page 33: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/33.jpg)
WHAT IS SECURITY RISK ANALYSIS
A 4 stage process to inter relate the data gathered so far:
Consequence Level Risk Tolerance Risk Response Level Target Attractiveness Level Business Resilience Level Threat Level Critical Asset Level Control Level Effectiveness Level
![Page 34: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/34.jpg)
STEP 1 –DEFINING PRE-INCIDENT VULNERABILITY (V1)
Target Attractiveness
ControlLevel
Effectiveness
Low Medium Significant High Extreme
Unsatisfactory 6 7 8 9 10
Weak 5 6 7 8 9
Satisfactory 4 5 6 7 8
Good 3 4 5 6 7
Excellent 2 3 4 5 6
![Page 35: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/35.jpg)
STEP 2 –DEFINING LIKELIHOOD
Threat Level
Pre Incident Vulnera
bility (V1)
Low Medium Significant High Extreme
Unsatisfactory 6 7 8 9 10
Weak 5 6 7 8 9
Satisfactory 4 5 6 7 8
Good 3 4 5 6 7
Excellent 2 3 4 5 6
![Page 36: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/36.jpg)
STEP 3 –ASSESSING IMPACT
Consequence Level
Business
Resilience
Level
Minimal Minor Moderate MajorCata
strophic
Unsatisfactory 6 7 8 9 10
Weak 5 6 7 8 9
Satisfactory 4 5 6 7 8
Good 3 4 5 6 7
Excellent 2 3 4 5 6
![Page 37: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/37.jpg)
STEP 4 –DEFINING RISK LEVEL
![Page 38: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/38.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 39: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/39.jpg)
EVALUATING RISK
Tolerate the Risk- if, after controls are put in place, the remaining risk is deemed acceptable to the organisation, the risk can be retained. Transfer the Risk - this involves another party bearing or sharing some part of the risk by the use of contracts, insurance, outsourcing, joint ventures or partnerships etc.Terminate the Risk - decide not to proceed with the activity likely to generate the risk.Treat the Risk – through implementation of preventative controls measures, policies & procedures, contingency planning, disaster recovery & business continuity plans
![Page 40: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/40.jpg)
EVALUATING IDENTIFIED SECURITY RISKS
![Page 41: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/41.jpg)
SECURITY RISK ASSESSMENT METHODOLOGYSecurity Risk M
anagement H
B167En
terp
rise
Risk
Man
agem
ent
ISO
310
00
![Page 42: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/42.jpg)
AS LOW AS REASONABLY PRACTICABLE(ALARP)
![Page 43: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/43.jpg)
SECURITY RISK TREATMENT
Security in Depth Corporate Security Functions
Hierarchy of Controls Swiss Cheese Model
![Page 44: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/44.jpg)
PART 3WHAT IS HAWKSIGHT ?
![Page 45: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/45.jpg)
WHAT IS HAWK SIGHT ?
Hawk Sight is a Security Risk Assessment Calculator. It speeds up the analysis process by automating the
risk analysis methodology, thereby significantly reducing the time required to produce the Security Risk Assessment report.
Used by a trained Security Risk Consultant it will facilitate standardised, ISO 31000 compliant Security Risk Assessments, and ensures continuity in the Security Risk Assessment process, allowing like for like comparison across all Security Risk Assessments, regardless of organisation type or country of operation.
![Page 46: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/46.jpg)
INTERNATIONAL RISK STANDARDS
![Page 47: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/47.jpg)
LOGIN PAGE
Sign in at http://maxwelllucas.digitalpilgrims.co.uk using your designated username and password.
![Page 48: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/48.jpg)
CLIENT VAULT PAGE
![Page 49: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/49.jpg)
SECURITY RISK REGISTER
![Page 50: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/50.jpg)
HAWKSIGHT SIMULTATOR
![Page 51: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/51.jpg)
HAWKSIGHT SIMULTATOR
![Page 52: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/52.jpg)
HAWKSIGHT SIMULTATOR
![Page 53: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/53.jpg)
REPORT WRITE UP
![Page 54: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/54.jpg)
WORD TEMPLATE
![Page 55: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/55.jpg)
PART 4SECURITY THREAT ANALYSIS USING
![Page 56: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/56.jpg)
UNDERSTANDING SECURITY RISK AND SECURITY THREAT
Security Threat is defined as any Threat originating from both a human and natural or non-human source that might negatively affect the sentiment of security and quality of life of individuals, and the interests and choices available to organizations and governments.
Security Risk is defined as the effect of disruption on the objectives caused by risks originating from Security Threats identified.
![Page 57: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/57.jpg)
SECURITY THREAT SOURCE
The Source of a Security Threat is defined as is the
origin at which the Threat emanates be
that a human or non human source
which may be external or internal to the project under
review.
![Page 58: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/58.jpg)
THREAT SOURCE
Threat sources may be categorised as follows: Military Threats to Security from Other States Security Threats from Non State Actors Economic Threats to Security Criminal Threats to Security Social and Religious Threats to Security Health Threats to Security Natural Threats to Security Environmental Threats to Security Accidentally Occurring Threats to Security
![Page 59: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/59.jpg)
THREAT DRIVER
The motivation of a human source or the non human trigger event for a threat to
occur.
![Page 60: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/60.jpg)
DEFINING THE LEVEL OF THREAT
Human Threat Intent refers to covert, implicit, or expressed
aims, goals, objectives, desires or directions of a human threat source, as identified in historical trend data, similar previous incidents and collected intelligence.
Capability refers to the attributes of a human threat source that enable a human Threat to occur, such as skills and knowledge, access to material and financial resources, time and supporters.
![Page 61: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/61.jpg)
INTENT
Determined Threat Source has acted in the last 2 years Drivers/motivational factors still exist
Expressed Threat Source has not been active in the past 5
years Driver/motivational factors still exist
Little Threat Source has not been active for more than 5
years No known driver or motivational factors exist
![Page 62: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/62.jpg)
CAPABILITY
Extensive Potential protagonist has proven capability and
the means to implement the threat effectively against the asset type.
Moderate Potential protagonist has limited proven capability
and resources to implement the threat effectively against the asset type.
Low Potential protagonist has no proven capability and
no resources to act against the asset.
![Page 63: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/63.jpg)
NATURAL OR NON-HUMAN THREAT
Potential refers to the incidence of a non-human Threat and the circumstantial, climate and geographic factors that can trigger it or increase its propensity to occur, as identified in historical trend data, past events and scientific estimates.
Capacity refers to the ability of a non-human Threat to do harm and the factors that can amplify its damage potential, calculated from similar previous incidents and scientific estimates.
![Page 64: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/64.jpg)
POTENTIAL
Likely Threat Source has been active itself in the last 2 years Conditions still exist that might trigger activity
Possible Threat Source has not been active in the past 5 years Conditions still exist that might trigger activity
Improbable Threat Source has not been active for more than 5
years Conditions do not exist that might trigger activity
![Page 65: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/65.jpg)
CAPACITY
Extensive Source of threat has proven capacity to cause multiple
human fatalities and total disruption of business operations.
Moderate Source of threat has proven capacity to cause multiple
injuries to personnel and significant disruption of business operations.
Low Source of threat has no proven capacity to cause
significant injuries to personnel or significantly affect any business operations.
![Page 66: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/66.jpg)
CALCULATING THREAT LEVEL
Intent/Potential
Little/
Improbable
Expressed/
Probable
Determined/
Likely
Capability/Capacity
Extensive Moderate High Extreme
Moderate Low Significant High
Low Low Moderate Significant
![Page 67: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/67.jpg)
ENTERING THREAT DATA INTO HAWK SIGHT
There are 2 ways to enter Threat Data into your project: Adding/Editing Threats Manually to the
Hawk Sight database Selecting pre entered Threats from the
Hawk Sight database
![Page 68: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/68.jpg)
ENTERING THREAT DATA INTO HAWK SIGHT
![Page 69: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/69.jpg)
THREAT DATA PAGE
![Page 70: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/70.jpg)
ADDING/EDITING THREATS MANUALLY
![Page 71: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/71.jpg)
USING PRE ENTERED THREATS FROM THE DATABASE
![Page 72: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/72.jpg)
THREAT DATA PAGE
![Page 73: Intro to Security Risk Assessment with HawkSight](https://reader031.vdocuments.site/reader031/viewer/2022013105/55492988b4c90547498bebaf/html5/thumbnails/73.jpg)
THREAT DATA SELECTION