StudyAI Editorial
Reviewed by StudyAI tutors

From the Ratt curriculum

Introduction to RATS

TL;DR

RATS stands for "Risk Assessment and Threat Scoring," a simple way to figure out how bad a problem is. You'll evaluate a problem's impact and how likely it is to happen. This helps you prioritize what to fix first.

1. The Mental Model

Imagine you have a big pile of tasks and don't know where to start. RATS helps you sort that pile by telling you which tasks are both really important and likely to go bad if you ignore them.

2. The Core Material

RATS is a framework to assess risks by scoring two main factors: Impact and Likelihood. The product of these scores gives you a Threat Score, helping you prioritize mitigation efforts.

2.1 Impact

Impact measures how severe the consequences would be if a specific problem actually occurred. Think about the damage it could cause.

You'll typically score Impact on a scale, often 1 to 5.
- 1 (Negligible): Very minor, easily fixed, almost no real consequence.
- 2 (Minor): Small inconvenience, minimal cost, easily recovered.
- 3 (Moderate): Noticeable disruption, some financial cost, might affect operations temporarily.
- 4 (Serious): Significant disruption, major financial loss, reputational damage, might require significant resources to recover.
- 5 (Catastrophic): Total failure, huge financial losses, severe reputational damage, potential legal issues, long-term or permanent damage.

2.2 Likelihood

Likelihood measures how probable it is that the specific problem will actually happen. Is it a rare event or something that occurs often?

Again, you'll score Likelihood, usually 1 to 5.
- 1 (Rare): Very unlikely to happen, almost never.
- 2 (Unlikely): Could happen, but not frequently.
- 3 (Possible): Might happen, fairly common possibility.
- 4 (Likely): High chance of happening, probably will occur.
- 5 (Almost Certain): Will almost certainly happen, common or constant.

2.3 Threat Score Calculation


Once you have your Impact and Likelihood scores, you multiply them to get the Threat Score.

Threat Score = Impact × Likelihood

This score helps you compare different risks. A higher Threat Score means a more critical risk that needs your attention sooner.

For example:
- Impact = 5, Likelihood = 5 → Threat Score = 25 (Very High)
- Impact = 1, Likelihood = 1 → Threat Score = 1 (Very Low)
- Impact = 5, Likelihood = 1 → Threat Score = 5 (High Impact, Low Likelihood)
- Impact = 1, Likelihood = 5 → Threat Score = 5 (Low Impact, High Likelihood)

Notice how a score of 5 can come from different combinations. This shows that threats aren't just about how bad they are, but also how often they might happen.

```mermaid
graph TD
    A["Identify a Problem/Risk"] --> B["Assess Impact (1-5)"]
    B --> C["Assess Likelihood (1-5)"]
    C --> D{"Calculate Threat Score = Impact * Likelihood"}
    D --> E{{"Prioritize based on Threat Score"}}
    E --> F["Highest Scores = Act First"]
    E --> G["Lower Scores = Monitor/Act Later"]
```

3. Worked Example

Let's say you're managing a small online store. You've identified a few potential issues:

  1. Server outage during peak shopping season (e.g., Black Friday).

    • Impact Assessment: If the server goes down on Black Friday, you'd lose a massive amount of sales and customer trust, and it would be very expensive to fix quickly. This is Catastrophic. Score = 5.
    • Likelihood Assessment: You've had minor outages before, and you expect a huge traffic surge. While not certain, there's a strong chance your current setup might struggle. This is Likely. Score = 4.
    • Threat Score: 5 (Impact) × 4 (Likelihood) = 20.
  2. A typo on a product description for a low-selling item.

    • Impact Assessment: A typo on one product description is embarrassing but won't stop sales, especially for an item that rarely sells. This is Negligible. Score = 1.
    • Likelihood Assessment: You have many products, and typos sometimes slip through proofreading. This is Possible. Score = 3.
    • Threat Score: 1 (Impact) × 3 (Likelihood) = 3.
  3. A critical software bug that stops customers from adding items to their cart.

    • Impact Assessment: If customers can't add to their cart, your entire business stops. This is a Catastrophic impact. Score = 5.
    • Likelihood Assessment: Your testing process is pretty robust, and this kind of bug is rare. This is Unlikely. Score = 2.
    • Threat Score: 5 (Impact) × 2 (Likelihood) = 10.

Prioritization:

  • Server Outage: 20
  • Cart Bug: 10
  • Typo: 3

Based on these RATS scores, you should absolutely focus on shoring up your server infrastructure for Black Friday first, then investigate potential cart bugs, and finally worry about the typo.
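
The scoring and ranking steps above as a small risk register, added here as an example and not part of the original notes. The three risks and their scores come from the worked example; the tie-break rule (higher Impact first when Threat Scores are equal) and the `rescore` helper for periodic reviews are assumptions made for illustration.

```python
from dataclasses import dataclass

SCALE = range(1, 6)  # the 1-5 scale used for both Impact and Likelihood


@dataclass
class Risk:
    name: str
    impact: int
    likelihood: int

    def __post_init__(self):
        # Reject anything off the 1-5 scale so every risk is scored consistently.
        for field in ("impact", "likelihood"):
            value = getattr(self, field)
            if isinstance(value, bool) or not isinstance(value, int) or value not in SCALE:
                raise ValueError(f"{self.name}: {field} must be an integer 1-5, got {value!r}")

    @property
    def threat_score(self) -> int:
        # Threat Score = Impact x Likelihood
        return self.impact * self.likelihood


def prioritize(risks):
    """Highest Threat Score first; ties go to the higher Impact (assumed rule)."""
    return sorted(risks, key=lambda r: (-r.threat_score, -r.impact, r.name))


def rescore(risk, *, impact=None, likelihood=None):
    """Return a re-validated copy with updated scores, for periodic reviews."""
    return Risk(risk.name,
                risk.impact if impact is None else impact,
                risk.likelihood if likelihood is None else likelihood)


# The three risks from the worked example, with the scores given in the text.
STORE_RISKS = [
    Risk("Typo", impact=1, likelihood=3),
    Risk("Cart Bug", impact=5, likelihood=2),
    Risk("Server Outage", impact=5, likelihood=4),
]

if __name__ == "__main__":
    for r in prioritize(STORE_RISKS):
        print(f"{r.threat_score:>2}  {r.name}  (I={r.impact}, L={r.likelihood})")
```

Two risks that both score 5 (Impact 5 × Likelihood 1 and Impact 1 × Likelihood 5) are ordered by the assumed tie-break, so the high-impact one is listed first.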

4. Key Takeaways

  • RATS helps you systematically evaluate and prioritize risks.
  • You score risks based on their Impact (how bad it is) and Likelihood (how often it might happen).
  • The Threat Score is the product of Impact and Likelihood, giving you a single number to compare risks.
  • Higher Threat Scores mean more urgent problems that need immediate attention.
  • RATS is a simple but powerful tool for making informed decisions about where to allocate your resources.

Common Mistakes:
- Scoring based on emotion: Try to be objective; use data or experience rather than your gut feeling.
- Inconsistent scales: Make sure you apply the 1-5 scale consistently across all risks you're evaluating.
- Ignoring either factor: Giving too much weight to impact or likelihood alone (e.g., only fixing "bad" things, not "frequent" things).
- Not recalculating: Risks change; what was unlikely yesterday might be likely today. Review your scores periodically.

5. Now Try It

Think about a common task or project you're involved with (e.g., writing a report, planning an event, working on a team). Identify three potential problems or risks that could occur.

For each risk:
1. Assign an Impact score (1-5).
2. Assign a Likelihood score (1-5).
3. Calculate the Threat Score.

Then, based on your calculated scores, write down which risk you would address first and why in one sentence.

Success looks like: You have three risks, each with an Impact score, a Likelihood score, a calculated Threat Score, and a clear, justified prioritization statement.
