๐๏ธ 1. Important Terminology
Information System
๐๏ธ 2. Key risk concepts
Risk
๐๏ธ 3. Risks models
7 items
๐๏ธ 4. Risk Exposure
Likelihood Level
๐๏ธ 5. Risk Aggregation
Organizations may use risk aggregation to combine several discrete or lower-level risks into a more general or higher-level risk. This approach can help manage the scope and scale of risk assessments across multiple information systems and mission/business processes that have defined relationships and dependencies.
๐๏ธ 6. Risk Appetite & Risk Tolerance
Weighing Risk in Decisions
๐๏ธ 7. Risk Assessment Approaches
Risk can be assessed in various ways: quantitatively, qualitatively, or semi-quantitatively. Each approach has its advantages and disadvantages, and organizations choose based on their culture and attitudes towards uncertainty and risk communication.
๐๏ธ 8. Analysis Approaches
Analysis approaches differ in terms of the orientation or starting point of the risk assessment, the level of detail, and how risks related to similar threat scenarios are treated. An analysis approach can be: