Best Practice: ISO Risk Assessment Matrix
Statement of Best Practice
- Quickly assess risk in a consistent manner
Risk Matrix
p(T x V), by Threat (rows) and Vulnerability (columns):

| Threat \ Vulnerability | Low | Moderate | High |
|---|---|---|---|
| High | Low | Moderate | High |
| Moderate | Low | Moderate | Moderate |
| Low | Low | Low | Moderate |

Risk, by p(T x V) (rows) and Impact (columns):

| p(T x V) \ Impact | Low | Moderate | High |
|---|---|---|---|
| High | Low | Moderate | High |
| Moderate | Low | Moderate | High |
| Low | Low | Low | Moderate |
Definitions
- High Threat = Occurring in higher education, or in this type of implementation
- Moderate Threat = Occurring, but outside of higher education
- Low Threat = Exists, but not occurring or active
- High Vulnerability = Lacking controls or safeguards
- Moderate Vulnerability = Some controls or safeguards
- Low Vulnerability = Well controlled or safeguarded
- High Impact = Regulated, sensitive, or operational data or requiring strong protections or maximum availability. Significant or moderate fines or penalties or moderate to major impairment of operations
- Moderate Impact = Institutional business and proprietary or general operational data or systems. Data not intended for public use or minor losses or inefficiencies
- Low Impact = Publicly releasable data and non-required operational data or systems. No privacy requirements or minimal availability loss
Details
Article ID: 162525
Created: Fri 11/1/24 1:11 PM
Modified: Thu 10/30/25 10:47 AM