Ranking Risk

The NIST Cybersecurity Framework's risk assessment guidance, under the “Identify” function, says that you should prioritize your risk responses according to how you have quantified the threats to your assets and their likelihood. To do that, multiply the level of impact to the asset by the likelihood you have identified of the threat occurring. The resulting figure is what you use to rank all of your risks: put the highest risks at the top, and put your time and resources into the things that carry the highest risk. This is one way to choose where to put budget and energy, and it is what the NIST Cybersecurity Framework recommends. It's very good prescriptive advice to follow.

