Can I adjust the mitigation effectiveness for individual countermeasures instead of having an aggregate value for the whole mitigation plan?
The PTA calculative model treats a threat mitigation set as a holistic solution which provides a given mitigation level only when all the countermeasures in the set are implemented. For example: if you mark countermeasures C1, C3 and C5 as the members of a specific threat mitigation plan (by checking the In Mitigation Plan for the 3 countermeasures in the Threat Details screen) and then set the Maximal Mitigation of the threat to 70%, you will see that the specific threats risk is reduced by 70% only when C1, C3 and C5 are marked as Already Implemented in the appropriate Countermeasure Details screens. You may justifiably argue that in some cases the implementation of C1 solely may provide some substantive mitigation to the threat although less than the maximal mitigation. We support this situation in our Enterprise Edition where the analyst is able to define several mitigation plans for each threat and thus benefit from maximal flexibility in aggregating the countermeasures in a pract
Related Questions
- Can I adjust the mitigation effectiveness for individual countermeasures instead of having an aggregate value for the whole mitigation plan?
- May an individual who has already received the aggregate value of two education awards receive a stipend for service in VISTA?
- Is an individual treatment plan necessary to make a living will effective?
