In this section, we show the equivalence of IriusRisk’s risk ratings with numeric values.
IriusRisk uses a range of options to describe the characteristics of a threat in terms of confidentiality, integrity, availability, and ease of exploitation, and also to measure how big is the business impact of a weakness. This range translates to the following equivalence to perform risk calculations:
Risk Rating (R) for Threats | Numeric Equivalence |
Very Low | R = 0 |
Low | 0 < R <= 25 |
Medium | 25 < R <= 50 |
High | 50 < R <= 75 |
Critical | 75 < R <= 100 |
Comments
0 comments
Article is closed for comments.