It's part of general business operations. If something is guaranteed to happen, it's not a risk. However, if you have good IT staff who can identify vulnerabilities and they update the operating system to version 1.8, your vulnerability is low, even though the information value is still high because the backdoor was patched in version 1.8.Ī few things to keep in mind is there are very few things with zero risk to a business process or information system, and risk implies uncertainty. If your office has no physical security, your risk would be high. This operating system has a known backdoor in version 1.7 of its software that is easily exploitable via physical means and stores information of high value on it. Imagine you were to assess the risk associated with a cyber attack compromising a particular operating system.
Using this simple methodology, a high-level calculation of cyber risk in an IT infrastructure can be developed: Cyber risk = Threat x Vulnerability x Information Value UpGuard's risk profile feature categorizes discovered risks by impact factor.
