SlideShare a Scribd company logo

Risk Assessment

Download as PPTX, PDF
Rayjen Bungabong
Rayjen Bungabong

The document discusses risk assessment and outlines the process of assigning risk ratings to information assets. It describes how likelihood is estimated based on factors like historical data and organization attributes. It then discusses identifying possible controls and documenting the results of the risk assessment process in a worksheet that lists assets, vulnerabilities, and calculated risk-rating factors.

Education
1 of 15
Risk Assessment • assigns a risk rating or score to each information asset.
Likelihood Is the probability that a specific vulnerability will be the object of a successful attack.
Many asset/vulnerability combinations have sources for likelihood, for example: • The likelihood of a fire has been estimated actuarially for each type of structure. • The likelihood that any given e-mail contains a virus or worm has been researched. • The number of network attacks can be forecast based on how many assigned network addresses the organization has.
Risk Determination
Identify Possibl Controls
Three general categories of control:
Three general categories of control: 1. Policies General Security Policy Program Security Policy Issue – Specific Policy System – Specific Policy
2. Programs 3. Technologies
Documenting the Resu of Risk Assessment
The worksheet shown in Table 4-9 is organized as follow • Asset: List each vulnerable asset. • Asset Impact: Show the results for this asset from the weighted factor analysis worksheet. In the example, this is a number from 1 to 100.
The worksheet shown in Table 4-9 is organized as follow • Vulnerability: List each uncontrolled vulnerability by a threat agent, as noted in the vulnerability analysis step. In the example, the number is from 0.1 to 1.0. • Risk-Rating Factor: Enter the figure calculated from the asset impact multiplied by likelihood. In the example, the calculation yields a number from 1 to 100.
Risk Assessment
Risk Assessment

Recommended

Yulin’s research introduction
Yulin’s research introductionYulin’s research introduction
Yulin’s research introductionyhsiao
 
Today
TodayToday
TodaySherin Bennet
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniquesJuha-Pekka Tolvanen
 
Core Insight Enterprise 2min
Core Insight Enterprise 2minCore Insight Enterprise 2min
Core Insight Enterprise 2minNsolera
 
Core Insight Enterprise Overview
Core Insight Enterprise Overview Core Insight Enterprise Overview
Core Insight Enterprise Overview Nsolera
 
Simple steps-risk-assessment-form
Simple steps-risk-assessment-formSimple steps-risk-assessment-form
Simple steps-risk-assessment-formWorldForeignAffairsD
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Risk assessment principles and guidelines
Risk assessment principles and guidelinesRisk assessment principles and guidelines
Risk assessment principles and guidelinesHaris Tahir
 

Recommended

Yulin’s research introduction
Yulin’s research introductionYulin’s research introduction
Yulin’s research introductionyhsiao
 
Today
TodayToday
TodaySherin Bennet
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniquesJuha-Pekka Tolvanen
 
Core Insight Enterprise 2min
Core Insight Enterprise 2minCore Insight Enterprise 2min
Core Insight Enterprise 2minNsolera
 
Core Insight Enterprise Overview
Core Insight Enterprise Overview Core Insight Enterprise Overview
Core Insight Enterprise Overview Nsolera
 
Simple steps-risk-assessment-form
Simple steps-risk-assessment-formSimple steps-risk-assessment-form
Simple steps-risk-assessment-formWorldForeignAffairsD
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Risk assessment principles and guidelines
Risk assessment principles and guidelinesRisk assessment principles and guidelines
Risk assessment principles and guidelinesHaris Tahir
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specificationAryan Ajmer
 
Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Chinatu Uzuegbu
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Unit V - Hazard Indentification Techniques.pptx
Unit V - Hazard Indentification Techniques.pptxUnit V - Hazard Indentification Techniques.pptx
Unit V - Hazard Indentification Techniques.pptxNarmatha D
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructurejbasney
 
Assignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxAssignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxlesleyryder69361
 
Assignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxAssignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxlesleyryder69361
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
ARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformTieu Luu
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical HackingUK Defence Cyber School
 
List of Current and Planned ControlsStep 4. Contr.docx
List of Current and Planned ControlsStep 4. Contr.docxList of Current and Planned ControlsStep 4. Contr.docx
List of Current and Planned ControlsStep 4. Contr.docxsmile790243
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfAbdulrafiiMohammed
 
Ch9
Ch9Ch9
Ch9phanleson
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSaqib Raza
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachn|u - The Open Security Community
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachn|u - The Open Security Community
 
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxWk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxlefrancoishazlett
 
Key AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxKey AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxsleeperfindley
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
Protection Poker: An Agile Security Game
Protection Poker: An Agile Security GameProtection Poker: An Agile Security Game
Protection Poker: An Agile Security GameTechWell
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

More Related Content

Similar to Risk Assessment

Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specificationAryan Ajmer
 
Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Chinatu Uzuegbu
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Unit V - Hazard Indentification Techniques.pptx
Unit V - Hazard Indentification Techniques.pptxUnit V - Hazard Indentification Techniques.pptx
Unit V - Hazard Indentification Techniques.pptxNarmatha D
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructurejbasney
 
Assignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxAssignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxlesleyryder69361
 
Assignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxAssignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxlesleyryder69361
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
ARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformTieu Luu
 
List of Current and Planned ControlsStep 4. Contr.docx
List of Current and Planned ControlsStep 4. Contr.docxList of Current and Planned ControlsStep 4. Contr.docx
List of Current and Planned ControlsStep 4. Contr.docxsmile790243
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfAbdulrafiiMohammed
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSaqib Raza
 
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxWk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxlefrancoishazlett
 
Key AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxKey AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxsleeperfindley
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
Protection Poker: An Agile Security Game
Protection Poker: An Agile Security GameProtection Poker: An Agile Security Game
Protection Poker: An Agile Security GameTechWell
 

Similar to Risk Assessment (20)

Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specification
 
Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Unit V - Hazard Indentification Techniques.pptx
Unit V - Hazard Indentification Techniques.pptxUnit V - Hazard Indentification Techniques.pptx
Unit V - Hazard Indentification Techniques.pptx
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
 
Assignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docxAssignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the C.docx
 
Assignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docxAssignment ContentYou are part of a team selected by the Chi.docx
Assignment ContentYou are part of a team selected by the Chi.docx
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
ARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management PlatformARES Next-Gen Risk Management Platform
ARES Next-Gen Risk Management Platform
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
List of Current and Planned ControlsStep 4. Contr.docx
List of Current and Planned ControlsStep 4. Contr.docxList of Current and Planned ControlsStep 4. Contr.docx
List of Current and Planned ControlsStep 4. Contr.docx
 
IS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdfIS-Risk-Management-Lecture-2.pdf
IS-Risk-Management-Lecture-2.pdf
 
Ch9
Ch9Ch9
Ch9
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approach
 
Risk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approachRisk assessment managment and risk based audit approach
Risk assessment managment and risk based audit approach
 
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docxWk 6 - Security AuditYou are part of a team selected by the Chie.docx
Wk 6 - Security AuditYou are part of a team selected by the Chie.docx
 
Key AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxKey AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docx
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
 
Protection Poker: An Agile Security Game
Protection Poker: An Agile Security GameProtection Poker: An Agile Security Game
Protection Poker: An Agile Security Game
 

Recently uploaded

Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 

Recently uploaded (20)

Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 

Risk Assessment

  • 1. Risk Assessment • assigns a risk rating or score to each information asset.
  • 2.
  • 3. Likelihood Is the probability that a specific vulnerability will be the object of a successful attack.
  • 4. Many asset/vulnerability combinations have sources for likelihood, for example: • The likelihood of a fire has been estimated actuarially for each type of structure. • The likelihood that any given e-mail contains a virus or worm has been researched. • The number of network attacks can be forecast based on how many assigned network addresses the organization has.
  • 6.
  • 9. Three general categories of control: 1. Policies General Security Policy Program Security Policy Issue – Specific Policy System – Specific Policy
  • 11. Documenting the Resu of Risk Assessment
  • 12. The worksheet shown in Table 4-9 is organized as follow • Asset: List each vulnerable asset. • Asset Impact: Show the results for this asset from the weighted factor analysis worksheet. In the example, this is a number from 1 to 100.
  • 13. The worksheet shown in Table 4-9 is organized as follow • Vulnerability: List each uncontrolled vulnerability by a threat agent, as noted in the vulnerability analysis step. In the example, the number is from 0.1 to 1.0. • Risk-Rating Factor: Enter the figure calculated from the asset impact multiplied by likelihood. In the example, the calculation yields a number from 1 to 100.