Overall business risk for a particular threat can be expressed as:

Last Updated on December 25, 2021 by Admin 3

Overall business risk for a particular threat can be expressed as:

  • a product of the probability and magnitude of the impact if a threat successfully exploits a vulnerability.
  • the magnitude of the impact should a threat source successfully exploit the vulnerability.
  • the likelihood of a given threat source exploiting a given vulnerability.
  • the collective judgment of the risk assessment team.
Explanation: 
Choice A takes into consideration the likelihood and magnitude of the impact and provides the best measure of the risk to an asset. Choice B provides only the likelihood of a threat exploiting a vulnerability in the asset but does not provide the magnitude of the possible damage to the asset. Similarly, choice C considers only the magnitude of the damage and not the possibility of a threat exploiting a vulnerability. Choice D defines the risk on an arbitrary basis and is not suitable for a scientific risk management process.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments