December 23, 2021 by Admin
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
- the likelihood of a given threat attempting to exploit a vulnerability
- a function of the cost and effectiveness of controls over a vulnerability
- the magnitude of the impact should a threat exploit a vulnerability
- a function of the likelihood and impact, should a threat exploit a vulnerability