Small clarification regarding the sum of *non-implemented measures*

Alexandre Dulaunoy 2017-07-21 10:26:25 +02:00
parent 685196aef7
commit 246787d114

@ -4,7 +4,8 @@ Threats Risk Index (TRI)
**Work in progress** **Work in progress**
Threats Risk Index (TRI) is a different way to calculate risks in information security. As we have seen that a lot of risks model based on Threats Risk Index (TRI) is a different way to calculate risks in information security. As we have seen that a lot of risks model based on
generic cases, we wanted to create a risk evaluation which is based on current existing threats. The model of calculation is based on a simple way to sum the measures not implemented. generic cases, we wanted to create a risk evaluation which is based on current existing threats (e.g. real threats reported to CERT or handled by CSIRTs).
The model of calculation is based on a simple way to sum the *measures not implemented* per threat.
~~~~ ~~~~
Threats Risk Index = (Threat probability) * (1+SUM(recommendations not implemented)) Threats Risk Index = (Threat probability) * (1+SUM(recommendations not implemented))
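
Review bot: The new sentence says the model sums the *measures not implemented* per threat, but the formula in the unchanged context line directly below still reads "SUM(recommendations not implemented)", so the paragraph now uses two names for the same term. Pick one (the commit title suggests "measures") and use it in both the prose and the formula. Since the later example assigns each measure a number (for instance "Off-line backup = 4"), it would also help to say that it is the weights of the non-implemented measures that are summed. The unchanged lead-in "As we have seen that a lot of risks model based on generic cases" is still ungrammatical and could be fixed in the same pass, for example "As many risk models are based on generic cases".
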
@ -45,7 +46,7 @@ Off-line backup = 4
Patching of browser extension = 2 Patching of browser extension = 2
~~~~ ~~~~
If none of the counter-measures are taken, the following risk can be calculated: If none of the counter-measures are implemented, the following TRI can be calculated:
~~~~ ~~~~
(0.03) (1+3+4+4+2) = .42 (0.03) (1+3+4+4+2) = .42
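
Review bot: The reworded sentence now calls the result a TRI, but the worked calculation in the context line below, "(0.03) (1+3+4+4+2) = .42", does not follow the notation of the formula defined earlier, which writes the multiplication explicitly with "*". Suggest "0.03 * (1+3+4+4+2) = 0.42", with the operator and a leading zero, so the example visibly instantiates the formula. The sentence also uses "counter-measures" where the first hunk introduces "measures not implemented"; using one term throughout would match the intent of this commit.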