risk barometer
Depending on the information we have, we decide whether a risk requires us to take action or whether we prefer to ignore it.
Based on that information, a decision is made that results in an action, such as patching the vulnerable software by downloading and installing the latest version, in which the vulnerability has been eliminated.
It is important that the:
– threat,
– vulnerability, and
– impact
all influence the way we assess a risk.
We use a ranking system that looks like this:
CyTRAP Labs risk barometer for infosec

| low | elevated | moderately critical | critical | severe |
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 |

CyTRAP Labs 5-point InfoSec risk barometer

| low | cautious | moderately critical | critical | extreme |
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 |

The above ranking scheme is used to assess the risk regarding a threat, vulnerability and impact.
Here is additional information about the CyTRAP Labs risk barometer and how we get at the numbers we publish:
- 1 how people assess risks
- 2 defining what is a threat, vulnerability versus an impact
- 3 rating scale in more detail
- 4 calculating the overall score