topic WENTZ’S RISK MODEL in Exam Preparation

RISK Concept in CISSP

wentzwu — Mon, 09 Oct 2023 09:20:55 GMT

It's common for friends to tell me how they feel frustrated when they are studying the concept of risk on the CISSP journey. The following is my two cents and I hope it helps.

Risk is the effect of uncertainty on objectives.
Source: ISO 31000

Risk = Uncertainty + Objectives + Effect
Threat = Uncertainty + Objectives + Negative Effect = Negative Risk
- Uncertainty = Threat Source + Threat Event + Vulnerability
- Objectives = CIA
- Negative Effect = Impacts
Threat = (Threat Source + Threat Event + Vulnerability) + CIA + Impacts
Risk Exposure = Uncertainty * Effect
Threat Exposure = Uncertainty * Impacts
Exposure is short for Risk Exposure or Threat Exposure

https://wentzwu.com/2019/10/15/wentzs-information-risk-model-v1-1/

Wentz’s Information Risk Model

Re: RISK Concept in CISSP

rslade — Mon, 14 Oct 2019 16:51:25 GMT

Hmmmm.

I like these better:

They lay out the relationships between the various terms.

But the best one is from the introduction to the Common Criteria:

Re: RISK Concept in CISSP

wentzwu — Mon, 14 Oct 2019 17:57:30 GMT

Thanks for sharing.

Would you pls advise the source for further study?

TKS!!

WENTZ’S RISK MODEL

wentzwu — Wed, 30 Oct 2019 08:39:42 GMT

Wentz’s Risk Model incorporates the Peacock Model, the Onion Model, the Ring Model, and the Concept of Neutral Risk.

The Concept of Neutral Risk, based on the risk definition of ISO 31000, introduces the business mindset of seizing opportunities and avoiding threats to highlight that information security is not only a business enabler but also a business driver.

The Peacock Model is a notion of information systems that extends the definition defined by 44 U.S.C, Sec 3502. The Onion Model denotes the concept of layered defense or defense in depth.

The Ring Model is derived from the NIST Generic Risk Model to specify risk in the context of information security.

https://wentzwu.com/2019/10/30/wentzs-risk-model/

WENTZ’S RISK MODEL