The Conformio risk register defines the following
- Threat is what kind of negative thing can happen to your asset because the vulnerability exists.
The mapping path is Asset to Vulnerabilty to Threat
: Employees with specific expertiese ( system admin, security experts )
: Replacement person does not exist or is inadequate
: Earthquake / Fire / Flood / Storm ?
Of the 12 items listed, only 2 seem reasonable - breach of contracts and information disclosure
Seems like this mapping needs some work, or am I misunderstanding something ?