This phase builds directly on the results of the pre-risk assessment. The Post-Threat Scenario is a refined version of the Pre-Threat Scenario, updated to reflect the effectiveness of the implemented security measures. The Effectiveness Method is applied to evaluate how well these measures reduce the identified risks. Attack Paths are also refined to show how mitigations change the feasibility or likelihood of attacks. Finally, specific Security Measures are defined and validated to ensure that the system risk is mitigated.
To learn more, refer to the following pages: