O'Reilly logo

Inside Network Security Assessment: Guarding Your IT Infrastructure by David Kim, Michael Gregg

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Ranking Your Findings

During the assessment, you may have discovered potential problems that will need to be presented to management in a structured order. This can be done by calculating a risk score. A risk score gives us a way to quantify our findings and determine a prioritized list of what is most important. The risk score takes into account two key items: raw risk and policy control.

Tip

Raw risk has two basic components, which are probability and impact. What’s probability? It is the likelihood of an event happening. Impact can be best defined as an attempt to identify the extent of the consequences should a given event occur. If you multiply the probability by the impact, you can get a raw risk score that is easy to chart.

Probability ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required