Question - recommended granularity of a risk

Dear Eramba community
we are running critical infrastructure in different sectors (electricity, water production, district heating…) using the NIST framework to assess the cybersecurity-maturity level of our plants. The NIST framework is open-source and available free of costs from the Eramba website. We have defined a handful of szenarios we want to be able to handle (DDOS attack, supply-chain-attack etc).
The question is now: is it a good idea to use these szenarion as problem/risk in Eramba? Example: the szenario: “supply-chain-attack” converts to a risk “Water production not possible due to SCADA failure caused be supply chain attack”.
Any ideas or reccomendations ?

Best regards and many thanks for your help,