Risk assessments and calculations are based on what bad things can happen to an organization\’s assets.
The organization\’s assets should be identified and categorized for effective risk management.
Based on the CIA, its better answer to these questions:
- The effects(impacts) of asset unavailability.
- The impacts of asset data breaching.
- The impacts of asset\’s data altering.
Additionally, the lack of uncertainty in answering questions should be considered.
The nontechnical and straightforward definition of risk:
Risk = Threat x Vulnerability
It is a straightforward definition, but risk calculating can be pretty challenging.
Because of resource limitations on time and money, organizations should decide which threats or vulnerabilities to decrease.
Now, these questions should be determined and answered.
- What could happen?
- Will, it really going to happen?
- How bad would it be?
- What could make it better?
![\"\"](\"https://riskmetis.com/wp-content/uploads/2022/01/risk.jpg\")
