
4. Threat scenarios

In general, risks materialize as a result of a series of threat events, each of which takes advantage of one or more vulnerabilities.

Organisations define threat scenarios to describe how the events caused by a threat source can contribute to or cause harm.

Risk models vary in the level of detail and complexity used to identify threat events. When threat events are identified with greater specificity, threat scenarios can be modeled, developed, and analyzed. A threat scenario consists of discrete threat events attributed to one or more threat sources, ordered chronologically, that result in adverse effects.

Development of threat scenarios is analytically useful, since some vulnerabilities may not be exposed to exploitation unless and until other vulnerabilities have been exploited. Analysis that illuminates how a set of vulnerabilities, taken together, could be exploited by one or more threat events is therefore more useful than the analysis of individual vulnerabilities.

In addition, a threat scenario tells a story, and hence is useful for risk communication as well as for analysis.


(Source: NIST SP 800-30)
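
The following Python code is an added example, not part of NIST SP 800-30. It models a threat scenario as chronologically ordered threat events and shows which vulnerabilities are exposed only in combination and which single remediation makes the scenario infeasible. The class and function names, the event names and the vulnerability labels V1 to V4 are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ThreatEvent:
    name: str
    source: str                        # threat source the event is attributed to
    exploits: str                      # vulnerability this event takes advantage of
    requires: frozenset = frozenset()  # vulnerabilities that must be exploited first

def walk_scenario(events):
    """Replay events in chronological order.

    Returns (exploited, blocked): the vulnerabilities exploited so far, and the
    first event whose prerequisites were not met (None if the chain is feasible).
    """
    exploited = []
    for ev in events:
        if not ev.requires <= set(exploited):
            return exploited, ev
        exploited.append(ev.exploits)
    return exploited, None

def exposed_only_in_combination(events):
    """Vulnerabilities that are not exposed until others have been exploited."""
    return {ev.exploits for ev in events if ev.requires}

def break_points(events):
    """Vulnerabilities whose remediation alone stops the scenario.

    The last event is assumed to be the one that causes the adverse effect.
    """
    points = []
    for fixed in [ev.exploits for ev in events]:
        remaining = [ev for ev in events if ev.exploits != fixed]
        _, blocked = walk_scenario(remaining)
        if blocked is not None or remaining[-1:] != events[-1:]:
            points.append(fixed)
    return points

# Constructed scenario: one threat source, four events, adverse effect at the end.
SRC = "external adversary"
SCENARIO = [
    ThreatEvent("initial access", SRC, "V1"),
    ThreatEvent("internal discovery", SRC, "V4", frozenset({"V1"})),
    ThreatEvent("lateral movement", SRC, "V2", frozenset({"V1"})),
    ThreatEvent("data access", SRC, "V3", frozenset({"V2"})),
]
```

Here V2, V3 and V4 are unreachable when assessed in isolation, yet fixing V4 does not stop the scenario, while fixing any of V1, V2 or V3 does.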