How Risks are Calculated

In accordance with international risk management standards, Assuredly uses the standard formula:

Likelihood x Impact = Risk.

Information security risks are unique in that they require both a threat to be present (i.e. a threat actor wants to steal your information) and a vulnerability to be present (i.e. one of your controls to stop this from happening is weak) in order for an event to have any likelihood of occurring.

Likelihood (Threat + Vulnerability) x Impact = Risk.

Example of how risks can be viewed at the end of an assessment.

Likelihood Rating

Assuredly provides you with real risk scenarios based on actual control weaknesses taking into account the controls you have assessed.

Once a risk scenario is identified, the likelihood of the event is calculated using the maturity scores associated with the controls that have been assessed.

Likelihood ratings are calculated using the overall maturity score of all controls that contribute to mitigating the risk. The scores for all answers attributed to a risk are aggregated and averaged to a score out of 5 (x/5).

The final x/5 score is plotted on the Likelihood axis of the risk matrix for each risk.

Impact Rating

Impact ratings are calculated using the inherent impact associated with the potential outcome of each risk.

There are four potential outcome types: loss of Confidentiality, Integrity, Availability, and/or Compliance.

Customers can adjust the inherent risk impact rating for each potential outcome type in the Worst Case Scenario settings under Company Settings.

Current and Target Likelihood and Impact ratings can be adjusted in the Risk Assessments Module.

Overall Risk Rating

The final risk rating is described with labels and ratings set out in Risk Matrix.

Business and Professional account holders can adjust the company's risk matrix to align with the risk model used by their company.
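The calculation described above (average control maturity to x/5, inherent impact from the Worst Case Scenario settings, Likelihood x Impact looked up on the matrix), as an added Python example that is not Assuredly's own code. The control names, maturity answers, impact values and matrix bands are constructed placeholders; the averaged maturity score is used directly as the likelihood value as the text describes, and taking the highest impact across a risk's outcome types is an assumption the page does not state.

```python
from statistics import mean

# Constructed sample data (not from the product): maturity answer per control,
# 0-5, with None where the control has not yet been assessed.
CONTROL_SCORES = {
    "mfa_enforced": 2,
    "privileged_access_review": 3,
    "backup_restore_tested": None,  # not yet assessed
    "patching_sla": 4,
}

# Worst Case Scenario settings: inherent impact (1-5) per outcome type.
# Constructed values; customers set their own under Company Settings.
WORST_CASE_IMPACT = {
    "Confidentiality": 5,
    "Integrity": 4,
    "Availability": 3,
    "Compliance": 4,
}

# Assumed risk matrix bands: (upper bound of Likelihood x Impact, label).
# The real matrix is configurable per company; these are placeholders.
MATRIX_BANDS = [(4, "Low"), (9, "Medium"), (16, "High"), (25, "Critical")]


def likelihood_rating(controls, scores=CONTROL_SCORES):
    """Average the maturity scores of the controls mitigating a risk to x/5.

    Unassessed controls (None) are skipped; if none of the controls has been
    assessed there is no basis for a likelihood and None is returned.
    """
    answered = [scores[c] for c in controls if scores.get(c) is not None]
    if not answered:
        return None
    return round(mean(answered), 2)


def impact_rating(outcomes, settings=WORST_CASE_IMPACT):
    """Inherent impact for a risk; assumption: highest of its outcome types."""
    return max(settings[o] for o in outcomes)


def risk_rating(controls, outcomes):
    """Likelihood x Impact, then the label from the (assumed) risk matrix."""
    likelihood = likelihood_rating(controls)
    if likelihood is None:
        return None
    impact = impact_rating(outcomes)
    score = round(likelihood * impact, 2)
    label = next(lbl for bound, lbl in MATRIX_BANDS if score <= bound)
    return {"likelihood": likelihood, "impact": impact, "score": score, "label": label}
```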