Assessing Risk

From Cramsession
Revision as of 23:34, 16 May 2025 by Mflavell (talk | contribs)
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials

The risk Matrix

Provides a numerical assessment or risks posed by threats to the CIA triad.


Impact ➡️

Likelihood ⬇️

Confidentiality Integrity Availability
high 5 4 3
Medium 4 3 2
Low 3 2 1
Theoretical 2 1 0


Likelihoods:

  • High - Easy, Well known exploit.
  • Medium - Requires expert knowledge to implement, could be performed by state actor.
  • Low - Requires insider knowledge to implement.
  • Theoretical - No proven path at this time to exploit the venerability.


The numbers in this matrix will ultimately adjusted to an organizations tolerance to each factor of the CIA triad.


Swiss cheese model

When applied to cybersecurity the Swiss Cheese Model states that vulenerability can only be exploited if holes in the layers of diffense are aligned.

Retrieved from "https://cramsession.net/index.php?title=Assessing_Risk&oldid=839"