For example, outdated antivirus software is a vulnerability that can allow a malware attack to succeed. Having a server room in the basement is a vulnerability that increases the chances of a hurricane or flood ruining equipment and causing downtime. Other examples of vulnerabilities include disgruntled employees and aging hardware. The NIST National Vulnerability Database maintains a list of specific, code-based weaknesses.

Impact - Impact is the total damage the organization would incur if a vulnerability were exploited by a threat. For example, a successful ransomware attack could result in not just lost productivity and data recovery expenses, but also disclosure of customer data or trade secrets that results in lost business, legal fees and compliance penalties.

Likelihood - This is the probability that a threat will occur. It is usually not a specific number but a range.

We can understand risk using the following equation:

Risk = Threat x Vulnerability x Asset

Although risk is represented here as a mathematical formula, it is not about numbers; it is a logical construct. For example, suppose you want to assess the risk associated with the threat of hackers compromising a particular system. If your network is very vulnerable (perhaps because you have no firewall and no antivirus solution), and the asset is critical, your risk is high.