Best Practice: ISO Risk Assessment Matrix
Statement of Best Practice
Quickly assess risk in a consistent manner
Contact
CISO
Risk Matrix
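p(T x V): Threat (rows) by Vulnerability (columns)

| Threat | Low Vulnerability | Moderate Vulnerability | High Vulnerability |
| --- | --- | --- | --- |
| High | Low | Moderate | High |
| Moderate | Low | Moderate | Moderate |
| Low | Low | Low | Moderate |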
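Risk: p(T x V) (rows) by Impact (columns)

| p(T x V) | Low Impact | Moderate Impact | High Impact |
| --- | --- | --- | --- |
| High | Low | Moderate | High |
| Moderate | Low | Moderate | High |
| Low | Low | Low | Moderate |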
Definitions
High Threat = Occurring in higher education, or in this type of implementation
Moderate Threat = Occurring, but outside of higher education
Low Threat = Exists, but not occurring or active
High Vulnerability = Lacking controls or safeguards
Moderate Vulnerability = Some controls or safeguards
Low Vulnerability = Well controlled or safeguarded
High Impact = Regulated, sensitive, or operational data or requiring strong protections or maximum availability. Significant or moderate fines or penalties or moderate to major impairment of operations
Moderate Impact = Institutional business and proprietary or general operational data or systems. Data not intended for public use or minor losses or inefficiencies
Low Impact = Publicly releasable data and non-required operational data or systems. No privacy requirements or minimal availability loss
Details
Article ID: 162525
Created: Fri 11/1/24 1:11 PM
Modified: Mon 11/4/24 9:36 AM
Supported Office or Community: University Community of Students, Staff, and Faculty