Prioritizing Risk Elements That Require Risk Mitigation

One way to identify the most important countermeasures is to prioritize the risk elements. Risks occur when a threat exploits a vulnerability. The importance of a risk can be determined by estimating its likelihood and impact. Likelihood reflects how probable it is that a threat will exploit a vulnerability, and impact identifies the damage to the organization. Risks that are highly likely to occur and will have a high impact are the most important.

Using a Threat Likelihood/Impact Matrix

Threats can negatively affect confidentiality, integrity, or availability. The severity of a threat is evaluated by identifying the likelihood that ...
