Use | Description | Formula |
---|---|---|
Definition of risk | Used to represent risk | Risk = asset value × threat × vulnerability |
Threat calculation | Numeric representation of threat | Threat = exposure factor (EF) × annual rate of occurrence (ARO) |
Vulnerability calculation | Measures control deficiency | Control deficiency (CD) = 1 - control effectiveness |
Risk calculation | Used to quantify risk | Risk = asset value × EF × ARO × CD |