Threats provide the means to calculate the risk of potential consequences the Current State assets faced, based on their current level of maturity.


Threats exploit vulnerabilities, which result in impacts.
The mitigating Control Objectives specified for each Threat define the Controls and the level of Maturity of those Controls required to mitigate the Threat.

Current State

The Asset Hierarchy of the Security Profile has currently realised Control Objectives applied across all assets at the root of the hierarchy, at key points within the hierarchy, or specified for specific systems. The Control maturity is used as the basis for determining the likelihood of risks being realised and the asset valuation defines the resulting consequence.