Risk factor (computing) explained

In information security, risk factor is a collective name for circumstances affecting the likelihood or impact of a security risk.

Definitions

FAIR

Factor Analysis of Information Risk (FAIR) is devoted to the analysis of different factors influencing IT risk. It decompose at various levels, starting from the first level Loss Event Frequency and Probable Loss Magnitude, going on examining the asset, the threat agent capability compared to the vulnerability (computing) and the security control (also called countermeasure) strength, the probability that the agent get in contact and actually act against the asset, the organization capability to react to the event and the impact on stakeholders.

ISACA

Risk factors are those factors that influence the frequency and/or business impact of risk scenarios; they can be of different natures, and can be classified in two major categories:[1]

Risk scenario

An IT risk risk scenario is a description of an IT related event that can lead to a business impact, when and if it should occur.

Risk factors can also be interpreted as causal factors of the scenario that is materialising, or as vulnerabilities or weaknesses. These are terms often used in risk management frameworks.[1]

Risk scenario is characterized by:[1]

The risk scenario structure differentiates between loss events (events generating the negative impact), vulnerabilities or vulnerability events (events contributing to the magnitude or frequency of loss events occurring), and threat events (circumstances or events that can trigger loss events). It is important not to confuse these risks or throw them into one large risk list.[2]

See also

Notes and References

  1. http://www.isaca.org/Knowledge-Center/Research/Documents/RiskIT-FW-18Nov09-Research.pdf ISACA THE RISK IT FRAMEWORK (registration required)
  2. http://www.riskmanagementinsight.com/media/docs/FAIR_introduction.pdf "An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006