2.

4 Identify the "Impact"

threatmaterialize. The impact
should the
can happen
Determine the extent of damage that can
could be on (but not limited to):
a) Resources, productivity, safety &health
D) Business operation, loss of business opportunity / custoie
c) Company reputation /image, customer confidence
d) Financial, fines &legal penalties.
mnanayel
Ine nigher the impact, the more concenit may he for the business
Vulnerability Severity 1.e.
ipact is the function of Asset Value Threat Severity&
Severity value.
pact = Asset Value x Threat Severity value x Vulnerability
The lowest Impact value is 3 and highest Impact value is 135.

2.5 The "Probability of Occurrence"

Determine the possibility of the weakness that can be exploited by a threat. Following
probability considerations may be given:
1) Threat Frequency: How often the threat may occur, based on statistics and experienc.
2) Measure of deliberate threats: Motivation, Capabilities perceived and necessary,
available to possible attackers and the perception of attractiveness and
vulnerability of the assets for the possible attacker. and
3) Measure of accidental threats: Geographical location of the premises and factors that
could influence human errors and equipment malfunctions.
The values that need to be considered to determine the probability of
are:
occurrence' factor
Negligible unlikely to occur =1
Low once per year = 2
C Medium once every 6 months = 3
High once per month =4
" Very high more than once =5