Ranking Your Findings
During the assessment, you may have discovered potential problems that will need to be presented to management in a structured order. This can be done by calculating a risk score. A risk score gives us a way to quantify our findings and determine a prioritized list of what is most important. The risk score takes into account two key items: raw risk and policy control.
Tip
Raw risk has two basic components, which are probability and impact. What’s probability? It is the likelihood of an event happening. Impact can be best defined as an attempt to identify the extent of the consequences should a given event occur. If you multiply the probability by the impact, you can get a raw risk score that is easy to chart.
Probability ...
Get Inside Network Security Assessment: Guarding Your IT Infrastructure now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.