

Risk is the potential of gaining or losing something of value.

Risk (R) can be measured as

R = Likelihood (L) × Impact (I)

where

I = Technical Impact × Business Impact
L = Threat Agent Factors × Vulnerability Factors

R can be a function of four factors:
A = the value of the assets
T = the likelihood of the threat
V = the nature of the vulnerability, i.e. the likelihood that it can be exploited (proportional to the potential benefit for the attacker and inversely proportional to the cost of exploitation)
I = the likely impact, i.e. the extent of the harm

Risk Management

We manage risk in one of the following ways:

After the risk has been managed, we carry out a risk assessment on the residual risk.
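As an added example (not the post's own code), a small Python calculator that applies the formula above and then re-scores the residual risk after a control. Factor names follow the OWASP Risk Rating Methodology; the 0..1 normalisation, the rating thresholds and the sample scores are assumptions made here.

```python
from statistics import mean

# Factor names follow the OWASP Risk Rating Methodology; each is scored 0 (low)
# to 9 (high). A group's score is the mean of its factors scaled to 0..1, and
# groups are multiplied as in the post's formula (scaling/bands are assumptions).
THREAT_AGENT = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY = ("ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection")
TECHNICAL_IMPACT = ("loss_of_confidentiality", "loss_of_integrity",
                    "loss_of_availability", "loss_of_accountability")
BUSINESS_IMPACT = ("financial_damage", "reputation_damage", "non_compliance", "privacy_violation")

def group_score(factors, names):
    """Mean of one factor group on the 0-9 scale, scaled to 0..1."""
    for name in names:
        if not 0 <= factors.get(name, -1) <= 9:
            raise ValueError(f"factor {name!r} is missing or outside 0-9")
    return mean(factors[name] for name in names) / 9

def risk(factors):
    """R = L x I, with L = threat agent x vulnerability and I = technical x business."""
    likelihood = group_score(factors, THREAT_AGENT) * group_score(factors, VULNERABILITY)
    impact = group_score(factors, TECHNICAL_IMPACT) * group_score(factors, BUSINESS_IMPACT)
    return likelihood * impact

def rating(r):
    """Assumed bands on the 0..1 product scale."""
    return "LOW" if r < 0.1 else "MEDIUM" if r < 0.3 else "HIGH"

def residual_risk(factors, control):
    """Re-score after a control; `control` maps factor name -> new 0-9 value."""
    unknown = set(control) - set(factors)
    if unknown:
        raise ValueError(f"control touches unknown factors: {sorted(unknown)}")
    return risk({**factors, **control})

# Constructed scenario: an internet-facing web application with an injection flaw.
BASELINE = {
    "skill_level": 6, "motive": 9, "opportunity": 9, "size": 6,
    "ease_of_discovery": 7, "ease_of_exploit": 9, "awareness": 9, "intrusion_detection": 8,
    "loss_of_confidentiality": 7, "loss_of_integrity": 7,
    "loss_of_availability": 5, "loss_of_accountability": 9,
    "financial_damage": 7, "reputation_damage": 5, "non_compliance": 7, "privacy_violation": 5,
}
# Control: parameterised queries plus reviewed logging lower two vulnerability factors.
CONTROL = {"ease_of_exploit": 3, "intrusion_detection": 3}

if __name__ == "__main__":
    before, after = risk(BASELINE), residual_risk(BASELINE, CONTROL)
    print(f"inherent {before:.3f} {rating(before)} -> residual {after:.3f} {rating(after)}")
```

Only the likelihood side changes after the control, so the impact term is what keeps the residual from dropping further; that is the part of the re-assessment a mitigation plan has to address separately.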

Risk assessment



Abhishek Tripathi

Coder, InfoSec