TRU Supporting Wildfire Evacuees » More info
Thompson Rivers University
Thompson Rivers University

Risk Analysis

This diagram was created to help explain the relationship between the various components of an information risk assessment using the basic formula for risk. Audiences that are new to Information Security and/or Risk Management may need to have some of the basic terms explained.

Information Secuirty Risk Analysis 
The Basic Statement

Likelihood X Impact = Risk

The risk statement is derived by following the Blue arrows:

The Likelihood That Threats Will exploit Vulnerabilities To attack Targets and compromise Information (confidentiality and/or integrity and/or availability) causing Impact = Risk.

Green arrows present the following control statements:

Risk can be Transferred to External reducing Impact = reduced Risk

Risk can be Transferred to External reducing Vulnerabilities Reducing Likelihood = reduced Risk

Risk can be Accepted by Executive

Risk can be Mitigated with Controls reducing Vulnerabilities Reducing Likelihood = reduced Risk

Ideally there should be a fifth control statement which I could not fit into the diagram. Risk cannot be ignored.

Contact us if you have questions, find this useful, or you make improvements to it.

Download this file in PDF or Powerpoint.

This diagram is shared here for non-commercial use under Creative Commons Attribution-Noncommercial-Share Alike 2.5 Canada (http://creativecommons.org/licenses/by-nc-sa/2.5/ca/).