Measuring and Weighing Cyber Risks
Components of Risk Assessment
Risks That Need Addressing
This process helps an organization focus on its resources as well as on the risks that are most likely to occur.
Coordination with BIA
This component provides the facility with an accurate picture of the situation facing it, and it also allows making intelligent decisions about how to respond to various risk scenarios.
Risks to Which the Organization Is Exposed
This component allows you to develop scenarios that can help you evaluate how to deal with these risks if they occur.
Risk Management Strategies
Risk Mitigation
Taking steps to reduce risk.
Risk Deterrence
Warning the enemy of the consequences of causing harm.
Risk Transference
Involves sharing some of the burden of the risk with someone else, such as an insurance company.
Risk Avoidance
Involves identifying a risk and making the decision not to engage any longer in the actions associated with that risk.
Risk Deterrence
Involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you.
Basic Terminologies
Vulnerability
A weakness in the asset that could be exploited by one or more threats.
Threat
The potential for vulnerabilities to turn into attacks and cause serious harm to the system's assets.
Asset
Anything tangible or intangible that has a value to the organization.
Cyber Risk
The result of a threat exploiting a vulnerability in one or more assets.
Risk Assessment
The identification, evaluation, and estimation of the levels of risk related to the organization's assets.
Steps of Risk Assessment
Analyze the Control Environment
Listing and prioritizing the available controls.
Determine Inherent Risk & Impact
Determining and rating the expected risks based on what we have done in the previous steps.
Determine a Likelihood Rating
Determining the likelihood of the given exploit, taking into account the control environment that your organization has in place.
Identify Threats
Listing the threats associated with each vulnerability.
Calculate your Risk Rating
ALE = SLE × ARO
SLE = AV × EF
Characterize the System
Listing every asset with its corresponding vulnerabilities.