Threat risk distribution
We need to understand a few key concepts to clarify how the overall risk is calculated.
Risk itself is a characteristic of threats. A project contains a set of components, each component is affected by some threats, and we mitigate a threat by applying countermeasures.
This means that risk can be described using three metrics:
The overall risk of all my threat models
Now that we have clarified those concepts, the "overall risk of all my threat models" widget shows the average risk of all the threats present in all the projects to which the user has visibility.
For instance, if we only have three projects:
Project | Threat | Risk
---|---|---
P1 | T1 | 10 %
P1 | T2 | 10 %
P3 | T3 | 100 %

Overall Risk for all the projects: (10 + 10 + 100) / 3 = 40%