The key factors involved in assessing the importance of a risk are:

- Identifying a Risk [6]
  It is necessary to get information about the "threat agent involved, the attack that will be used, the vulnerability involved, and the impact of a successful exploit on the business." [6]

- Factors for Estimating Likelihood [6]
  It is then necessary to determine the likelihood of the occurrence of the risk, "a rough measure of how likely this particular vulnerability is to be uncovered and exploited by an attacker". [6]
  A number of factors determine the likelihood:
  - Threat agent factors
    - Skill level
    - Motive
    - Opportunity
    - Size
  - Vulnerability factors
    - Ease of exploit
    - Awareness
    - Intrusion detection

- Factors for Estimating Impact
  It is necessary to determine the impact of the risk. The factors which help determine this are:
  - Technical impact
    - Loss of Confidentiality
    - Loss of Integrity
    - Loss of Availability
  - Business impact
    - Financial damage
    - Reputation damage
    - Non-compliance repercussions
    - Privacy violation

- Determining Severity of the Risk
  In this step the "likelihood estimate and the impact estimate are put together to calculate an overall severity for this risk." This gives a number on a scale from 0 to 9, from which a severity metric is determined.
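As an added worked example (not code from the page or its cited source), the following Python scores one risk end to end: it averages the threat-agent and vulnerability factors into a likelihood, averages the impact factors into an impact, and combines the two. The 0-9 bands (LOW under 3, MEDIUM under 6, HIGH otherwise) and the severity matrix are the ones the OWASP Risk Rating Methodology publishes; the factor values for the sample risk are constructed, and the sample uses only the factors named above.

```python
from statistics import mean

# Every factor is rated on the same 0 (lowest) to 9 (highest) scale.
def average_score(factors):
    """Average a dict of factor ratings into one 0-9 score, rejecting out-of-range values."""
    for name, value in factors.items():
        if not 0 <= value <= 9:
            raise ValueError(f"factor {name!r} = {value} is outside the 0-9 scale")
    return mean(factors.values())

def band(score):
    """Map a 0-9 score to its LOW / MEDIUM / HIGH band (OWASP thresholds)."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"

# Overall severity: outer key is the impact band, inner key is the likelihood band.
SEVERITY = {
    "LOW":    {"LOW": "NOTE",   "MEDIUM": "LOW",    "HIGH": "MEDIUM"},
    "MEDIUM": {"LOW": "LOW",    "MEDIUM": "MEDIUM", "HIGH": "HIGH"},
    "HIGH":   {"LOW": "MEDIUM", "MEDIUM": "HIGH",   "HIGH": "CRITICAL"},
}

def rate_risk(threat_agent, vulnerability, impact_factors):
    """Return likelihood, impact and overall severity for one risk."""
    likelihood = average_score({**threat_agent, **vulnerability})
    impact = average_score(impact_factors)
    return {
        "likelihood": likelihood, "likelihood_band": band(likelihood),
        "impact": impact, "impact_band": band(impact),
        "severity": SEVERITY[band(impact)][band(likelihood)],
    }

# Constructed sample risk (hypothetical ratings, not taken from the page).
THREAT_AGENT = {"skill_level": 6, "motive": 4, "opportunity": 7, "size": 6}
VULNERABILITY = {"ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8}
TECHNICAL_IMPACT = {"confidentiality": 7, "integrity": 5, "availability": 3}

def rate_sample():
    """Likelihood 42/7 = 6.0 (HIGH), impact 15/3 = 5.0 (MEDIUM) -> overall HIGH."""
    return rate_risk(THREAT_AGENT, VULNERABILITY, TECHNICAL_IMPACT)

if __name__ == "__main__":
    print(rate_sample())
```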