Cyber Security: Risk Analysis

Risk can be thought of as the chance of adverse consequences or loss occurring. Risks can be identified and the likelihood of them occurring assessed in risk analysis.

The main technique for a qualitative analysis of risk is to construct a likelihood–impact matrix in which the likelihood and impact of each risk event are assessed against a defined scale and then plotted on a two-dimensional grid. The position on the grid represents the relative significance of each risk. The simplest matrix is formed by classifying both likelihood and impact as either high or low, which leads to a 2 by 2 grid. This basic classification of a high or low value leads to the following rank order for tackling risks:
Low-impact, low-likelihood risks are probably not worth expending much effort on. You need to prioritise the high-impact and high-likelihood risks one by one to determine whether there are ways either to reduce the impact if the risk occurs or to reduce the likelihood of the risk occurring, or both.

The next stage is to apply quantitative techniques, based on a financial assessment of the impact of each of the risks, to put the risks into order, with the greatest risks at the top of the list. Sometimes it is hard to reach a decision about the importance of some risks until a corresponding response has been identified as well as any possible interactions between risk events and responses, so risk management is usually iterative in practice.

Example

Let's do a risk assessment of what would happen if personal assets were attacked by a hacker.
Carefully go through each one and decide the impact its loss would have, and the probability of it being targeted by hackers...
This then gives you an order of action in which to protect your assets.
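
The two passes described above, as an added example that is not part of the original page: a Python sketch that places each risk in the 2 by 2 grid, sets the low/low risks aside, and ranks the rest by expected loss. The asset list, probabilities, loss figures, cutoffs and the likelihood x impact formula are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: assets, probabilities and loss figures are
# illustrative assumptions, not values from the page.
@dataclass
class Risk:
    asset: str
    likelihood: float   # estimated chance of compromise per year, 0.0-1.0
    impact: float       # estimated financial loss if it happens

    @property
    def expected_loss(self) -> float:
        # Assumed quantitative measure: likelihood x financial impact.
        return self.likelihood * self.impact

def quadrant(risk, likelihood_cutoff=0.3, impact_cutoff=1000.0):
    """Place a risk in the 2 by 2 grid as (likelihood, impact) bands."""
    lik = "high" if risk.likelihood >= likelihood_cutoff else "low"
    imp = "high" if risk.impact >= impact_cutoff else "low"
    return lik, imp

def triage(risks):
    """Qualitative pass: split off low/low risks, then rank the rest."""
    deferred = [r for r in risks if quadrant(r) == ("low", "low")]
    active = [r for r in risks if quadrant(r) != ("low", "low")]
    # Quantitative pass: greatest expected loss at the top of the list.
    active.sort(key=lambda r: r.expected_loss, reverse=True)
    return active, deferred

SAMPLE_RISKS = [
    Risk("online banking login", 0.40, 5000.0),
    Risk("primary email account", 0.50, 2000.0),
    Risk("laptop with family photos", 0.10, 3000.0),
    Risk("social media account", 0.60, 200.0),
    Risk("old forum account", 0.05, 50.0),
]

if __name__ == "__main__":
    active, deferred = triage(SAMPLE_RISKS)
    for r in active:
        lik, imp = quadrant(r)
        print(f"{r.asset:28} likelihood={lik:4} impact={imp:4} "
              f"expected loss={r.expected_loss:8.2f}")
    for r in deferred:
        print(f"{r.asset:28} low/low: review later")
```

Because the estimates change once a response is chosen, rerun the ranking after each mitigation is applied; this matches the iterative process the text describes.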