Threat management information from THREAT domain activities is used to update cyber risks and identify new risks
Context and Guidance: Threat information sources identified in the THREAT domain should be used in conjunction with the risk management process to identify new risks and update existing risks. For example, a new risk should be identified if threat intelligence indicates that a threat actor may be targeting the organisation.
Related Practices • Input From: Implementing THREAT-2h provides input that may be useful for implementing this practice. • Progression: This practice is part of multiple practice progressions. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in the first progression include: RISK-2a, RISK-2b, RISK-2c, RISK-2g, RISK-2h, RISK-2i, RISK-2j, RISK-2k, RISK-2l, RISK-2m. • The practices in the second progression include: RISK-2d, RISK-2e, RISK-2f, RISK-2i, RISK-2j, RISK-2k, RISK-2l, RISK-3f.