

Risk is the potential of gaining or losing something of value.

Risk (R) can be measured as:

R = Likelihood (L) × Impact (I)

where

I = Technical Impact × Business Impact
L = Threat Agent Factors × Vulnerability Factors

R can also be expressed as a function of four factors:
A = the value of the assets
T = the likelihood of the threat
V = the nature of the vulnerability, i.e. the likelihood that it can be exploited (proportional to the potential benefit to the attacker and inversely proportional to the cost of exploitation)
I = the likely impact, i.e. the extent of the harm

Risk Management

We manage risk in one of the following ways:

After the risk has been managed, we carry out a risk assessment on the residual risk.
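As an added example (not code from the original post), the scoring above as a small risk-register calculator in Python: each factor group is rated low/medium/high on an assumed 1-3 scale, L, I and R are computed with the page's formulas, findings are ordered by score, and a residual score is recomputed after a control lowers one factor. The severity bands and the sample findings are constructed for illustration, not taken from the page.

```python
from dataclasses import dataclass, replace

# Ordinal ratings for each factor group (assumed scale: low=1, medium=2, high=3).
RATING = {"low": 1, "medium": 2, "high": 3}
LEVELS = ["low", "medium", "high"]

@dataclass(frozen=True)
class Finding:
    """One finding with the page's four factor groups rated low/medium/high."""
    name: str
    threat_agent: str   # threat agent factors: skill, motive, opportunity, size
    vulnerability: str  # vulnerability factors: ease of discovery/exploit, detection
    technical: str      # technical impact: confidentiality, integrity, availability
    business: str       # business impact: financial, reputation, compliance, privacy

def likelihood(f: Finding) -> int:  # L = threat agent factors x vulnerability factors
    return RATING[f.threat_agent] * RATING[f.vulnerability]

def impact(f: Finding) -> int:  # I = technical impact x business impact
    return RATING[f.technical] * RATING[f.business]

def risk(f: Finding) -> int:  # R = L x I, from 1 (all low) to 81 (all high) on this scale
    return likelihood(f) * impact(f)

def severity(score: int) -> str:
    """Band the score for reporting; thresholds are assumed, not from the page."""
    if score > 36:
        return "critical"
    return "high" if score > 12 else "medium" if score > 4 else "low"

def apply_control(f: Finding, factor: str, levels: int = 1) -> Finding:
    """Residual finding after a control lowers one factor by `levels` steps (floored
    at low), e.g. patching lowers 'vulnerability', tested backups lower 'technical'."""
    current = LEVELS.index(getattr(f, factor))
    return replace(f, **{factor: LEVELS[max(0, current - levels)]})

def prioritize(findings):
    """Order a risk register by score, highest risk first."""
    return sorted(findings, key=risk, reverse=True)

# Constructed sample register (illustrative findings, not real data).
REGISTER = [
    Finding("SQL injection in login form", "high", "high", "high", "high"),
    Finding("Verbose error pages", "medium", "high", "low", "low"),
    Finding("Weak TLS cipher suite", "low", "medium", "medium", "medium"),
]
```

`prioritize(REGISTER)` puts the injection finding (R = 81, critical) first; `apply_control(REGISTER[0], "vulnerability", 2)` models the same finding after patching, and its residual score drops to 27 (high) because the impact factors are unchanged.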

Risk assessment



Abhishek Tripathi

Coder, InfoSec