Skip to main content

Scenario Title

Purpose

Brief explanation of what this scenario models and why it matters.

Target Asset / Capability

Asset or capability impacted
Link to Asset Catalogue if relevant

Threat Source

External attacker, insider, operational failure, environmental event, etc.

Scenario Description

Narrative of how the threat could materialize
Concise but realistic

Attack / Failure Path

Step-by-step description of exploitation or failure sequence
Include dependencies, enablers, or triggers

Exposure Conditions

Existing weaknesses, misconfigurations, or dependencies
Anything that could increase likelihood or impact

Potential Impacts

Confidentiality, integrity, availability, operational, reputational, compliance
Qualitative description (minor → critical)

Existing Safeguards

Controls, configurations, policies already in place
Links to relevant documentation where possible

Residual Concerns

Remaining gaps or uncertainties
Points for monitoring or future improvement

Link to associated risk entry in Risk Register if already modeled

Owner / Review Role

Role responsible for scenario review, update, or validation

Purpose
Target Asset / Capability
Threat Source
Scenario Description
Attack / Failure Path
Exposure Conditions
Potential Impacts
Existing Safeguards
Residual Concerns
Related Risk Entry
Owner / Review Role