9.5. Incorporating Probability into the Risk Analysis

So far this chapter has focused on an analysis technique based on scenario planning. We incorporated this technique in OCTAVE, because the lack of objective data for certain types of information security threats makes it difficult to incorporate a forecasting approach based on probability. However, we have found that there is considerable interest in using probability during a more traditional risk analysis. This section presents some basic concepts of probability and shows how you can include probability in the activities of process 7.

9.5.1. What Is Probability?

We define probability as the likelihood that an event will occur. We first consider the classical concept of probability. This ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.