9/11/23
This is where your teams can begin to measure risk:
• Estimate how often an adversary or attacker is likely to attempt to exploit a vulnerability to cause the desired harm.
• Gauge how well your existing systems, controls and processes can stand up to those attempts.
• Determine the value of the impact or harm the adversary may cause if the adversary is indeed successful.
• One way of describing risk was consequence x likelihood, but as security teams have advanced their processes and intelligence, we see that you also have to account for the safeguards you’ve already put in place.
Risk = threat x vulnerability
• This is another way of looking at risk, albeit a bit simplified:
• Vulnerability x Threat = Risk
• We can sum up this calculation with the concepts from above: a single vulnerability multiplied by the potential threat (frequency, existing safeguards, and potential value loss) can give you an estimate of the risk involved.
• To begin risk mitigation and risk management, organizations first need to understand their vulnerabilities and the threats to those vulnerabilities. This is no small task.