Tools supporting threat and risk analyses – Implementation proposals


  • Johan Bengtsson
  • Jonas Hallberg
  • Teodor Sommestad

Publish date: 2012-12-28

Report number: FOI-R--3552--SE

Pages: 43

Written in: Swedish


  • Threat analysis
  • Risk analysis
  • IT security
  • Security requirement


The threat and risk analyses performed for planned IT systems are crucial for the information security of the Swedish Armed Forces. These analyses need support from methods and tools in many respects, and a set of such needs has been specified in previously performed needs analyses. This report presents more than 20 suggestions whose implementation would satisfy many of the identified needs. In addition to the identified needs, the demonstrator Sublime has been a starting point for the suggestions. The purpose of Sublime is to illustrate a possible design of tools supporting the analyses based on the Common Risk Management Model of the Swedish Armed Forces. The effort required to implement the suggestions differs, and it also depends on the specific approach selected for implementing a suggestion. In addition to the implementation suggestions, more than 20 research questions have been identified. Future studies of these research questions have the potential to fundamentally affect the bases and the execution of the threat and risk analyses. Future work, during 2013, will include the prioritization of the suggestions and the implementation of a set of high-priority suggestions. Some of the research suggestions may also be addressed. However, the specified research questions are, first and foremost, a basis for future research projects.