⚠Unset factors:
Likelihood
—
Threat Agent Factors
Skill Level?How technically skilled is this group of threat agents?—
Motive?How motivated is this group of threat agents to find and exploit this vulnerability?—
Opportunity?What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability?—
Size?How large is this group of threat agents?—
Threat Agent
—
Threat Agent Notes:
Vulnerability Factors
Ease of Discovery?How easy is it for this group of threat agents to discover this vulnerability?—
Ease of Exploit?How easy is it for this group of threat agents to actually exploit this vulnerability?—
Awareness?How well known is this vulnerability to this group of threat agents?—
Intrusion Detection?How likely is an exploit to be detected?—
Vulnerability
—
Vulnerability Notes:
Impact
—
Technical Impact Factors
Loss of Confidentiality?How much data could be disclosed and how sensitive is it?—
Loss of Integrity?How much data could be corrupted and how damaged is it?—
Loss of Availability?How much service could be lost and how vital is it?—
Loss of Accountability?Are the threat agents' actions traceable to an individual?—
Technical Impact
—
Technical Impact Notes:
Business Impact Factors
Financial Damage?How much financial damage will result from an exploit?—
Reputation Damage?Would an exploit result in reputation damage that would harm the business?—
Non-compliance?How much exposure does non-compliance introduce?—
Privacy Violation?How much personally identifiable information could be disclosed?—
Business Impact
—
Business Impact Notes:
Likelihood
—
—
Impact
—
—
Overall Risk Severity
—
Vector
—
Severity Matrix Reference
| Overall Risk Severity | |||
|---|---|---|---|
| LOW Likelihood | MEDIUM Likelihood | HIGH Likelihood | |
| HIGH Impact | Medium | High | Critical |
| MEDIUM Impact | Low | Medium | High |
| LOW Impact | Note | Low | Medium |
0 to <3 = LOW | 3 to <6 = MEDIUM | 6 to 9 = HIGH