In this section, we show the equivalence of IriusRisk’s risk ratings with numeric values.
IriusRisk uses a range of options to describe the characteristics of a threat in terms of confidentiality, integrity, availability, and ease of exploitation, and also to measure how big is the business impact of a weakness. This range translates to the following equivalence to perform risk calculations:
|Risk Rating (R) for Threats||Numeric Equivalence|
|Very Low||R = 0|
|Low||0 < R <= 25|
|Medium||25 < R <= 50|
|High||50 < R <= 75|
|Critical||75 < R <= 100|