I need people to create threat libraries that can be used for conducting risk assessments. I need threat libraries created for numerous types of threats.
The structure of the libraries is:
Threat name (example: fire)
Vulnerability 1 (example: lack of smoke detection)
Vulnerability 2 (example: lack of fire suppression)
Vulnerability 3 (example: lack of fire awareness training)
Control 1 (example: fire suppression system)
Control 2 (example: smoke detection system)
Control 3 (employee fire & awareness training)
Question (example: Have employees attended the fire safety orientation)
The files are created in XML format and then can be imported into a risk assessment tool. So if a threat is selected it will include all the vulnerabilities known that could "activate" the threat and also the known controls that can reduce the impact of the threat.
I'm attaching a sample XML threat. I'm looking for someone to also research and create as many threat libraries based on known information available online.