The document discusses how to identify the impact and probability of occurrence for security threats. It states that impact is determined by considering potential damage to resources, operations, reputation, finances, and legal penalties, and is calculated as the asset value multiplied by the threat and vulnerability severities. The impact can range from 3 to 135. It also explains that probability of occurrence depends on threat frequency, motivation and capabilities of attackers, and geographical and human factors that could enable accidents. It provides a scale from 1 to 5 to determine the probability from negligible to very high.
The document discusses how to identify the impact and probability of occurrence for security threats. It states that impact is determined by considering potential damage to resources, operations, reputation, finances, and legal penalties, and is calculated as the asset value multiplied by the threat and vulnerability severities. The impact can range from 3 to 135. It also explains that probability of occurrence depends on threat frequency, motivation and capabilities of attackers, and geographical and human factors that could enable accidents. It provides a scale from 1 to 5 to determine the probability from negligible to very high.
The document discusses how to identify the impact and probability of occurrence for security threats. It states that impact is determined by considering potential damage to resources, operations, reputation, finances, and legal penalties, and is calculated as the asset value multiplied by the threat and vulnerability severities. The impact can range from 3 to 135. It also explains that probability of occurrence depends on threat frequency, motivation and capabilities of attackers, and geographical and human factors that could enable accidents. It provides a scale from 1 to 5 to determine the probability from negligible to very high.
threatmaterialize. The impact should the can happen Determine the extent of damage that can could be on (but not limited to): a) Resources, productivity, safety &health D) Business operation, loss of business opportunity / custoie c) Company reputation /image, customer confidence d) Financial, fines &legal penalties. mnanayel Ine nigher the impact, the more concenit may he for the business Vulnerability Severity 1.e. ipact is the function of Asset Value Threat Severity& Severity value. pact = Asset Value x Threat Severity value x Vulnerability The lowest Impact value is 3 and highest Impact value is 135.
2.5 The "Probability of Occurrence"
Determine the possibility of the weakness that can be exploited by a threat. Following probability considerations may be given: 1) Threat Frequency: How often the threat may occur, based on statistics and experienc. 2) Measure of deliberate threats: Motivation, Capabilities perceived and necessary, available to possible attackers and the perception of attractiveness and vulnerability of the assets for the possible attacker. and 3) Measure of accidental threats: Geographical location of the premises and factors that could influence human errors and equipment malfunctions. The values that need to be considered to determine the probability of are: occurrence' factor Negligible unlikely to occur =1 Low once per year = 2 C Medium once every 6 months = 3 High once per month =4 " Very high more than once =5