Custom Search

Monday, July 9, 2007

CISA Audit Process #14

Calculation of a Business Risk - Risky Analysis

Overall business risk for a particular threat can be expressed as:
a product of the probability and magnitude of the impact if a threat successfully exploits a vulnerability.
For example: If you lose some strictly confidential documents which consists of pricing and patent information of new products that your company is going to launch, what is the impact if it falls under the hands of competitors & further more the documents have not been encrypted.

Impact = 10 (high impact)
Probabaility = 0.9( very likely)

Therefore the risk factor is 10 * 0.9 = 9 (very high risk factor)


Related Tags: , , , , , , ,

No comments: