Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
Certification Preparation
(ISC)²
SSCP
Risk Assessment Matrix
Chassidic1
Hey all. I am trying to better understand the problem that the risk assessment matrix solves. (Conrad, 2E, page # 146)
Is this matrix just a simple, graphical display for threat/impact which makes threats easier visually (etc.) to prioritize? Or, does it provide something unique over the risk assessment formula of: Risk = threat x vulnerability x impact? My current understanding was that the "threat" metric in that formula takes likelihood of harm into consideration (already). ???
Thank you so much,
Dovid
Find more posts tagged with
Comments
f0rgiv3n
The Risk Assessment Matrix allows you to take one common matrix to apply to different situations and come out with comparable results.
Essentially it allows you to compare different situations to see which one has more risk or less.
For instance: A city that always has earthquakes, has built their buildings knowing this vs a city that rarely has earthquakes and doesn't build their buildings to be earthquake friendly.
Those two situations might come out to be the same amount of risk, in fact the city that rarely has earthquakes might even be more at risk than the one that will most likely have one next week. The matrix gives you a way to visually show this.
One thing to note... this is a Qualitative analysis
Chassidic1
Thanks f0rgiv3n
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
