# Risk


Risk is the potential of gaining or losing something of value.

Risk (R) can be estimated as

R = likelihood (L) × impact (I)

where

I = Technical Impact × Business Impact

L = Threat agent factors × Vulnerability factors

R can also be expressed as a function of four factors:

A = the value of the assets

T = the likelihood of the threat

V = the nature of the vulnerability, i.e. the likelihood that it can be exploited (proportional to the potential benefit for the attacker and inversely proportional to the cost of exploitation)

I = the likely impact, i.e. the extent of the harm

## Risk Management

We manage risk in one of the following ways:

- risk transference
- risk avoidance
- risk reduction
- risk acceptance
- risk mitigation

After the risk has been treated, we perform a risk assessment on the residual risk.

Risk assessment

- qualitative risk assessment
- quantitative risk assessment
- Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO) = Annualized Loss Expectancy (ALE)
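The following is an added example, not part of the original note: it scores the likelihood and impact factor groups from the section above on the 0-9 scale used by the OWASP Risk Rating Methodology (which averages the factor scores rather than multiplying them), maps them to LOW/MEDIUM/HIGH bands and an overall severity, and computes ALE = SLE × ARO for the quantitative case. All factor values, the SLE and the ARO are constructed sample inputs.

```python
from statistics import mean

# Constructed sample factor scores on the OWASP 0-9 scale (values invented here).
THREAT_AGENT = {"skill_level": 6, "motive": 4, "opportunity": 7, "size": 6}
VULNERABILITY = {"ease_of_discovery": 7, "ease_of_exploit": 5,
                 "awareness": 6, "intrusion_detection": 8}
TECHNICAL_IMPACT = {"loss_of_confidentiality": 7, "loss_of_integrity": 5,
                    "loss_of_availability": 3, "loss_of_accountability": 7}
BUSINESS_IMPACT = {"financial_damage": 5, "reputation_damage": 6,
                   "non_compliance": 4, "privacy_violation": 7}

# OWASP likelihood x impact matrix: (L level, I level) -> overall severity.
SEVERITY = {
    ("LOW", "LOW"): "NOTE", ("LOW", "MEDIUM"): "LOW", ("LOW", "HIGH"): "MEDIUM",
    ("MEDIUM", "LOW"): "LOW", ("MEDIUM", "MEDIUM"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",
    ("HIGH", "LOW"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH", ("HIGH", "HIGH"): "CRITICAL",
}


def level(score: float) -> str:
    """Map a 0-9 score to the OWASP bands: [0,3) LOW, [3,6) MEDIUM, [6,9] HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def likelihood(threat_agent: dict, vulnerability: dict) -> float:
    """L = threat-agent factors combined with vulnerability factors (averaged)."""
    return mean([*threat_agent.values(), *vulnerability.values()])


def impact(technical: dict, business: dict) -> float:
    """I = technical impact combined with business impact (averaged)."""
    return mean([*technical.values(), *business.values()])


def rate_risk(threat_agent, vulnerability, technical, business) -> dict:
    """R = L x I, reported as the OWASP severity band for the two levels."""
    l, i = likelihood(threat_agent, vulnerability), impact(technical, business)
    return {"likelihood": l, "impact": i, "severity": SEVERITY[(level(l), level(i))]}


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """Quantitative assessment: ALE = SLE x ARO (money per year)."""
    return sle * aro


if __name__ == "__main__":
    print(rate_risk(THREAT_AGENT, VULNERABILITY, TECHNICAL_IMPACT, BUSINESS_IMPACT))
    print(annualized_loss_expectancy(sle=250_000, aro=0.2))  # one loss every 5 years
```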

MTBF (mean time between failures), MTTF (mean time to failure), MTTR (mean time to repair), DR (disaster recovery)
