In ThreatModeler, there are five Threat risk levels. Can you describe those five risk levels?

  • 14 January 2021
  • 1 reply

Userlevel 7

ThreatModeler does not provide a specific definition for risk levels. It depends on the organization’s requirements and policies. Our in-house TRC defines the risk based on the description of the threat from CAPEC, OWASP, and WASC. If you feel a risk rating is not desired, you can change the rating for it.

1 reply

Userlevel 2
Badge +3

The five risk levels are:

  1. Very High
  2. High
  3. Medium
  4. Low
  5. Very Low

These can be manually adjusted to reflect an organizations’ severity metrics.