Newcomer III

RISK Concept in CISSP

It's common for friends to tell me how they feel frustrated when they are studying the concept of risk on the CISSP journey. The following is my two cents and I hope it helps.
Risk is the effect of uncertainty on objectives.
Source: ISO 31000
  1. Risk = Uncertainty + Objectives + Effect
  2. Threat = Uncertainty + Objectives + Negative Effect = Negative Risk
    • Uncertainty = Threat Source + Threat Event + Vulnerability
    • Objectives = CIA
    • Negative Effect = Impacts
  3. Threat = (Threat Source + Threat Event + Vulnerability) + CIA + Impacts
  4. Risk Exposure = Uncertainty * Effect
  5. Threat Exposure = Uncertainty * Impacts
  6. Exposure is short for Risk Exposure or Threat Exposure
https://wentzwu.com/2019/10/15/wentzs-information-risk-model-v1-1/

[Image: Wentz's Information Risk Model]

[Images: InformationSecurityDefinition; The Peacock]


Best regards,
Wentz Wu, CISSP-ISSMP, ISSEP, ISSAP / CCSP / CSSLP
https://WentzWu.com
2 Replies
Community Champion

Re: RISK Concept in CISSP

Hmmmm.
I like these better:
[Image: Risk-threat-vulnerability-and-asset-relationship-II]
[Image: risk-analysis]
They lay out the relationships between the various terms.
But the best one is from the introduction to the Common Criteria:

[Image: image002]

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Newcomer III

Re: RISK Concept in CISSP

Thanks for sharing.

Would you please advise the source for further study?

TKS!!


Best regards,
Wentz Wu, CISSP-ISSMP, ISSEP, ISSAP / CCSP / CSSLP
https://WentzWu.com