Overview

Risk Models

Risk models define the risk factors to be assessed and the relationships among those factors.

Risk factors

Risk factors are characteristics used in risk models as inputs to determining levels of risk in risk assessments. Risk factors are also used extensively in risk communications to highlight what strongly affects the levels of risk in particular situations, circumstances, or contexts.

Typical risk factors

Typical risk factors include:

  • Threat,
  • Vulnerability,
  • Predisposing condition,
  • Threat scenarios,
  • Likelihood,
  • Impact,
  • Aggregation.

Risk factors can be decomposed into more detailed characteristics (e.g., threats decomposed into threat sources and threat events).


These definitions are important for organizations to document prior to conducting risk assessments because the assessments rely upon well-defined attributes of threats, vulnerabilities, impact, and other risk factors to effectively determine risk.



(Source: NIST SP 800-30)