C2 Assessment of the risk severity for each threat

Understand how to assess the risk severity of an organisation's computer system in different scenarios.
• A risk is a threat that could result in some form of loss at some point in time.
• Risk severity = probability of the threat occurring × expected impact level/value of the loss.
• Measures for risk severity include:
  o risk severity = low, medium, high and extreme
  o probability of the threat occurring = unlikely (approximately every year), likely (approximately every week or month) and very likely (approximately once or more a day)
  o impact level/value of the loss = minor, moderate and major.
• Be able to use the following risk severity matrix (rows give the probability of the threat occurring, columns give the impact level/value of the loss):

                                    Impact level/value of the loss
  Probability of threat occurring   Minor     Moderate    Major
  Very likely                       Medium    High        Extreme
  Likely                            Low       Medium      High
  Unlikely                          Low       Low         Medium

• Risk assessment approach:
  o risk assessments are carried out during system design (review), at regular intervals during operation (audit) and following a security breach, as threats are constant and ever changing
  o a risk assessment method will:
    – identify possible threats and assess the probability of different threats occurring
    – assess the vulnerabilities of a computer-networked system to specific threats
    – assess the impact level/value of the potential loss
    – determine the risk severity (low, medium, high and extreme).
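The matrix and the assessment method above, worked through as an added example (not part of the specification): each threat in a constructed register is given an estimated frequency and an impact level, the frequency is mapped onto the three probability bands the specification defines, and the matrix gives the severity used to rank the register. The frequency thresholds (365 or more events a year = very likely, 12 or more = likely, otherwise unlikely) are an assumption chosen to match the bands' wording.

```python
from dataclasses import dataclass

# Severity matrix exactly as given above: row = probability band, column = impact level.
SEVERITY = {
    "very likely": {"minor": "medium", "moderate": "high",   "major": "extreme"},
    "likely":      {"minor": "low",    "moderate": "medium", "major": "high"},
    "unlikely":    {"minor": "low",    "moderate": "low",    "major": "medium"},
}
RANK = {"low": 0, "medium": 1, "high": 2, "extreme": 3}


def probability_band(events_per_year: float) -> str:
    """Map an estimated frequency to the specification's probability bands.
    Thresholds are an assumption: daily or more often -> very likely,
    roughly monthly/weekly -> likely, roughly yearly or rarer -> unlikely."""
    if events_per_year >= 365:
        return "very likely"
    if events_per_year >= 12:
        return "likely"
    return "unlikely"


def risk_severity(probability: str, impact: str) -> str:
    """Look the severity up in the matrix; raises KeyError for an unknown band/level."""
    return SEVERITY[probability][impact]


@dataclass
class Threat:
    name: str
    events_per_year: float   # assessed probability, expressed as a frequency estimate
    impact: str              # assessed impact level: minor, moderate or major


def assess(threats):
    """Return (name, probability band, severity) ordered from most to least severe,
    so the register can be prioritised for treatment."""
    rows = []
    for t in threats:
        band = probability_band(t.events_per_year)
        rows.append((t.name, band, risk_severity(band, t.impact)))
    return sorted(rows, key=lambda r: RANK[r[2]], reverse=True)


# Constructed sample register; the values are illustrative, not from the specification.
SAMPLE_REGISTER = [
    Threat("phishing email reaching a staff inbox", 500, "moderate"),
    Threat("unencrypted laptop lost off-site", 2, "major"),
    Threat("user account locked after forgotten password", 52, "minor"),
]
```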