risk barometer


Depending on the information we have, we decide whether a risk requires us to take action or whether we prefer to ignore it.

Based on that information, a decision is made that results in an action, such as patching the vulnerable software by downloading and installing the latest version in which the vulnerability has been eliminated.

It is important to note that each of the following:

- threat,
- vulnerability, and
- impact

influences the way we assess a risk.

We use a ranking system that looks like this:

CyTRAP Labs risk barometer for infosec

  1 – low
  2 – elevated
  3 – moderately critical
  4 – critical
  5 – severe

CyTRAP Labs 5-point InfoSec risk barometer (German version)

  1 – niedrig (low)
  2 – vorsichtig (cautious)
  3 – mittelgradig kritisch (moderately critical)
  4 – kritisch (critical)
  5 – extrem (extreme)

The above ranking scheme is used to assess the risk posed by a threat, vulnerability and impact. Here is additional information about the CyTRAP Labs risk barometer and how we arrive at the numbers we publish:

  • http://blog.cytrap.eu/?p=226 CyTRAP Labs – EU-IST – we help protect since 2000 » Blog Archive » EISAS and ENISA – will it help improve risk management across the EU?

    [...] This indicates that each one of the above groups has radically or detrimentally different risks to deal with regarding zero-day exploits or malware. This is not to say that they are not related (botnets create headaches for home users and their ISPs – infrastructure owners). To illustrate this further, any threat or vulnerability may cause little concern with home users, unless what it could mean for their PC’s hard-disk by becoming a victim of a hacker exploiting a newly discovered vulnerability in the operating system that runs the PC (see also CyTRAP Labs risk barometer). [...]

  • http://mobility.cytrap.eu/?p=32 CyTRAP Labs – mobile working and SMEs » Blog Archive » 2007-04-03 – Microsoft publishes an unscheduled security bulletin for April

    [...] WHAT YOU SHOULD NOT FORGET: Information on how to protect yourself better against zero-day exploits (0-day – what is it? use Login as guest for free access) is available here:- CyTRAP [...]

  • http://blog.casescontact.org/?p=361 CyTRAP Labs – Wincurity – smarter protection » Blog Archive » 1st case of irresponsible public disclosure for 2008 – herding behavior and security vendors

    [...] The vulnerability was announced in a posting to the Daily Dave security discussion list. Based on this little information it is amazing how our esteemed colleagues are able to describe the vulnerability as being critical or highly critical (for clarification – check CyTRAP Labs’ risk barometer)? [...]