Risk Modeling Methodology

Purpose

This page defines how threat scenarios are assessed and transformed into structured risk decisions within Scheol Security Lab.

It focuses exclusively on the evaluation logic used to analyze risk, not on how risks are stored or tracked over time.

The objective is to ensure consistent, reviewable and qualitative risk evaluation across the lab.


Scope

Risk modeling applies after:

  • assets have been identified
  • threat scenarios have been documented

It covers:

  • likelihood assessment
  • impact evaluation
  • risk level determination
  • treatment decision definition

It does not cover risk storage, lifecycle tracking or register management (see Risk Register Methodology).


Assessment Logic

Each risk is derived from a documented scenario and evaluated using:

  • a target asset or capability
  • a threat scenario
  • a qualitative likelihood assessment
  • a qualitative impact assessment
  • a resulting risk level
  • a treatment decision

Risk modeling is therefore a decision-making layer, not a documentation layer.


Impact Assessment Model (EBIOS RM inspired)

Impact is evaluated across five dimensions:

  • Confidentiality
  • Integrity
  • Availability
  • Reputation
  • Compliance

Each dimension is rated:

  • Minor
  • Moderate
  • Major
  • Critical

The highest value determines the overall impact level.


Likelihood Scale

Likelihood reflects how plausible a scenario is under current lab conditions.

  • Rare
  • Unlikely
  • Possible
  • Likely

Assessment factors include:

  • exposure surface
  • trust relationships
  • administrative paths
  • existing safeguards
  • system complexity
  • known weaknesses

Risk Level Determination

Likelihood and impact are combined using a qualitative matrix to produce:

  • Low
  • Medium
  • High
  • Critical

This classification supports prioritisation, not mathematical precision.


Risk Treatment Logic

Each evaluated risk results in a treatment decision:

  • Accept
  • Mitigate
  • Transfer
  • Avoid

Guidance:

  • Low → often acceptable if documented
  • Medium → requires review or mitigation
  • High → requires mitigation or design change
  • Critical → must be actively addressed or justified explicitly
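As an added illustration (not Scheol's own tooling), the evaluation chain described in the Impact, Likelihood, Risk Level and Treatment sections above, from per-dimension impact ratings through the matrix to the treatment guidance, expressed as a small Python evaluator. The matrix values are an assumption, since the page states that a qualitative matrix is used but does not publish one; the Scenario type and the review rules are likewise this example's reading of the guidance, not a published lab artifact.

```python
from dataclasses import dataclass

DIMENSIONS = ("Confidentiality", "Integrity", "Availability", "Reputation", "Compliance")
IMPACT = ("Minor", "Moderate", "Major", "Critical")      # ordered, lowest to highest
LIKELIHOOD = ("Rare", "Unlikely", "Possible", "Likely")  # ordered, lowest to highest

# ASSUMED matrix (the page uses a qualitative matrix but does not publish it); rows follow LIKELIHOOD, columns IMPACT.
RISK_MATRIX = (
    ("Low",    "Low",    "Medium",   "High"),      # Rare
    ("Low",    "Medium", "Medium",   "High"),      # Unlikely
    ("Low",    "Medium", "High",     "Critical"),  # Possible
    ("Medium", "High",   "Critical", "Critical"),  # Likely
)

@dataclass
class Scenario:
    asset: str
    threat: str
    likelihood: str
    impact: dict  # dimension -> rating; all five dimensions must be rated

def overall_impact(ratings: dict) -> str:
    # Highest rated dimension wins; an unrated dimension is an evaluation error, not an implicit "Minor".
    missing = set(DIMENSIONS) - set(ratings)
    if missing:
        raise ValueError(f"impact not rated for: {sorted(missing)}")
    return max((ratings[d] for d in DIMENSIONS), key=IMPACT.index)

def risk_level(likelihood: str, impact: str) -> str:
    if likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown likelihood: {likelihood}")
    return RISK_MATRIX[LIKELIHOOD.index(likelihood)][IMPACT.index(impact)]

def review_treatment(level: str, decision: str, rationale: str = "") -> list:
    # Applies the treatment guidance; an empty list means the decision is consistent with it.
    findings = []
    if decision == "Accept" and not rationale.strip():
        findings.append("Accept requires a documented rationale")
    if level == "High" and decision == "Accept":
        findings.append("High risk requires mitigation or design change")
    if level == "Critical" and decision not in ("Mitigate", "Avoid") and not rationale.strip():
        findings.append("Critical risk must be actively addressed or justified explicitly")
    return findings

def assess(s: Scenario, decision: str, rationale: str = "") -> dict:
    impact = overall_impact(s.impact)
    level = risk_level(s.likelihood, impact)
    return {"asset": s.asset, "threat": s.threat, "likelihood": s.likelihood, "impact": impact,
            "risk_level": level, "treatment": decision, "findings": review_treatment(level, decision, rationale)}
```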

Relationship with Other Sections

Risk Modeling is part of a structured chain:

  • Context & Assets → define scope
  • Threat Modeling → define scenarios
  • Risk Modeling → evaluate risk
  • Risk Register → track risks over time
  • Validation & Evidence → verify effectiveness

Key Principle

Risk modeling in Scheol is intentionally qualitative and context-driven.

It is designed to support reasoning, not to simulate formal enterprise quantitative risk scoring.


Current Maturity

At the current stage, risk modeling is partially established.

Established

  • qualitative evaluation model
  • likelihood and impact structure
  • risk matrix logic
  • scenario-based assessment approach

In Progress

  • consistency across all scenarios
  • deeper alignment with architectural reality
  • improved traceability to controls and validation
  • refinement of treatment rationales

Planned

  • broader coverage across all infrastructure domains
  • stronger linkage with validation outputs and evidence