Prioritizing Risk Elements That Require Risk Mitigation

One way to identify the most important countermeasures is to prioritize the risk elements. A risk occurs when a threat exploits a vulnerability. The importance of a risk can be determined by estimating its likelihood and its impact. Likelihood reflects how probable it is that a threat will exploit a vulnerability, and impact identifies the damage to the organization. Risks that are highly likely to occur and would have a high impact are the most important.

Using a Threat Likelihood/Impact Matrix

Threats can negatively affect confidentiality, integrity, or availability. The severity of a threat is evaluated by identifying the likelihood that ...
