Risk Treatment is done for each combination of damage and threat scenario. In the TARA table, open the nested table for threat scenarios of any damage scenario. Right to group Threat Scenario you find the Risk Values group showing the derived risk level for any rated impact category.
The Risk Treatment section provides several options on how to handle the risk:
Option: Select a risk treatment option.
Claim: The drop-down provides all cybersecurity claims available in corresponding catalog.
CAL: Manually set a cybersecurity assurance level (Note: In future versions this will be calculated).
Reduce risk value to: Set a risk value as a target for any risk mitigation activity.
Security Goal: The drop-down provides all cybersecurity goals available in the project.
Risk treatment option
For each threat scenario a risk treatment option can be selected in column Option. You have a choice of
avoiding the risk,
reducing the risk,
sharing the risk, and
retaining the risk.
Avoiding the risk: No further action needed.
Reducing the Risk:
(optional) Select the target risk value in column Reduce risk to.
Select a cybersecurity goal (CSG) by double clicking in a cell of column Security Goal and select from drop-down list.
Sharing or retaining the risk:
Select a cybersecurity claim in column Claim from drop-down list. You may also create new list entries in corresponding catalog.