Overall business risk for a particular threat can be expressed as the product of the probability and the magnitude of the impact if a threat successfully exploits a vulnerability.
For example: suppose you lose some strictly confidential documents containing pricing and patent information for new products that your company is going to launch. What is the impact if they fall into the hands of competitors, and furthermore the documents have not been encrypted?
Impact = 10 (high impact)
Probability = 0.9 (very likely)
Therefore the risk factor is 10 * 0.9 = 9 (very high risk factor)
Related Tags: IT security, Risk, Risk Analysis, Impact Analysis, Risk Factor, Compliance, ISO 27001, SOX