Assessing Risk: Difference between revisions
From Cramsession
✍️ Verified Author: Mflavell
No edit summary |
|||
| Line 46: | Line 46: | ||
The numbers in this matrix will ultimately adjusted to an organizations tolerance to each factor of the CIA triad. | The numbers in this matrix will ultimately adjusted to an organizations tolerance to each factor of the CIA triad. | ||
= Swiss cheese model = | |||
When applied to cybersecurity the [https://en.wikipedia.org/wiki/Swiss_cheese_model Swiss Cheese Model] states that vulenerability can only be exploited if holes in the layers of diffense are aligned. | |||
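Review bot: The added sentence under "= Swiss cheese model =" misspells two words, "vulenerability" and "diffense", and is missing an article before the first; suggest "states that a vulnerability can only be exploited if holes in the layers of defense are aligned". The new section is also a single sentence that does not say how the layered model relates to the risk matrix above it, so one more line connecting the two would help readers. The unchanged context line at Line 46 still reads "will ultimately adjusted to an organizations tolerance"; it could be corrected in the same revision to "will ultimately be adjusted to an organization's tolerance".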
Revision as of 23:34, 16 May 2025
The Risk Matrix
Provides a numerical assessment of the risks posed by threats to the CIA triad.
| Likelihood ⬇️ / Impact ➡️ | Confidentiality | Integrity | Availability |
| High | 5 | 4 | 3 |
| Medium | 4 | 3 | 2 |
| Low | 3 | 2 | 1 |
| Theoretical | 2 | 1 | 0 |
Likelihoods:
- High - Easy, well-known exploit.
- Medium - Requires expert knowledge to implement; could be performed by a state actor.
- Low - Requires insider knowledge to implement.
- Theoretical - No proven path at this time to exploit the vulnerability.
The numbers in this matrix will ultimately be adjusted to an organization's tolerance for each factor of the CIA triad.
Swiss cheese model
When applied to cybersecurity, the Swiss Cheese Model states that a vulnerability can only be exploited if holes in the layers of defense are aligned.