Matching threats and vulnerabilities
Assign topic to the user
Answer: Unfortunately, our Risk assessment table does not offer this kind of automation. However, you should use your common sense when doing this matching - e.g. if a threat is a virus, then the vulnerability can be lack of anti-virus software. If a threat is fire then the vulnerability can be lack of procedures (incident response procedures) or lack of fire suppression systems.
As a general rule, each asset sh ould have 2 to 5 threats, and each threat 2 to 3 vulnerabilities. You really don't have to do more than that in your initial risk assessment.
Comment as guest or Sign in
Jan 12, 2016