Skip to main content

How the overall risk for all the projects is calculated

Raúl García
  • Updated

Threat risk distribution

We need to understand a few key concepts to clarify how the overall risk is calculated.

Risk itself is a characteristic of threats. Projects contain a set of components, each component is affected by some Threats, and to mitigate a threat we can apply countermeasures.

This means that risk can be described using three metrics:

  • Inherent Risk (the risk we start with)

    A base risk value for a given Threat.

 image-20220920-061024.png

  • Current Risk (the risk we are at now)

    Result of decrementing the mitigated risk by each implemented countermeasure to the inherent risk

  • Projected Risk (the risk we plan to arrive at)

    Result of decrementing the risk mitigation of all required countermeasures to the inherent risk.

 

The overall risk of all my threat models

Now that we have clarified those concepts, the overall risk of all my threats models widget represents an average of all the threats presented in all the projects to which the user has visibility.

For instance, if we only have three projects:

image-20220915-142748.png

Project

Threat

Risk

P1

T1

10 %

P1

T2

10 %

P3

T3

100 %

 

Overall Risk for all the projects:  

(10 + 10 + 100) / 3 = 40%

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk