The organization's exposure to and loss expectancy from a single risk is important information.
Values specified in the likelihood and exposure fields drive the security risk scores in the application. RiskVision calculates overall risk based in part on single loss expectancy from a given risk. Risks can also be excluded from the Adjusted Risk Score.
Exposure values for Confidentiality, Integrity, and Availability (CIA) assess the impact of a risk. Likelihood specifies the probability of a risk occurring. The overall risk score is calculated as likelihood x impact.
To specify a risk's exposure, likelihood, and loss expectancy:
- In the RiskVision application, go to Content > Risks.
- Open the desired risk in the tree on the left.
- Click the Exposure tab, then click Edit.
- Enter the following parameters:

| Category | Parameter | Description |
|---|---|---|
| Exposure | Confidentiality | Risk of loss of confidentiality, 0 = no risk to 10 = maximum risk |
| Exposure | Integrity | Risk of loss of data integrity, 0 = no risk to 10 = maximum risk |
| Exposure | Availability | Risk of loss of availability of data, 0 = no risk to 10 = maximum risk |
| Likelihood | Likelihood | Likelihood that this risk will affect the organization, 0 = extremely unlikely to 10 = certain |
| Likelihood | Annualized Rate of Occurrence (ARO) | How often the vulnerability is likely to be exploited in a year |
| Single Loss Expectancy | Availability Cost | Cost, in dollars, of not having the data available |
| Single Loss Expectancy | Business Value | Effect, in hours, on business operations |
| Single Loss Expectancy | Database Corruption Cost | Cost, in dollars, of losing data integrity |
| Single Loss Expectancy | Hardware Cost | Cost, in dollars, of new hardware and equipment |
| Single Loss Expectancy | Replacement Cost | Cost, in dollars, of new software |
| Single Loss Expectancy | Single Record Confidentiality Cost | Cost, in dollars, of loss of confidentiality for a single record (to be multiplied by the number of records) |
| Single Loss Expectancy | System Confidentiality Cost | Cost, in dollars, of loss of confidentiality for the system as a whole |
| Calculation Parameters | Exclude from Adjusted Risk Score | Yes to exclude this risk's exposure and likelihood from the overall risk score |
| Calculation Parameters | Multiply by the number of users | Click Yes to multiply the loss expectancy number by the number of users affected |

- Click Save.