Overview#
Risk Assessment is the determination of a quantitative or qualitative estimate of risk related to a concrete situation and a recognized threat (also called an Unfortunate event or hazard).

Risk Assessment in a Quantitative manner requires calculating the two components of risk (R):
- the Magnitude of the Potential loss (L) if the Unfortunate event does occur (Ldapwiki has also seen the term Impact)
- the Probability of Loss (p) that the Unfortunate event will occur within the Threat landscape (Ldapwiki has also seen the term Likelihood)
Risk Assessment is calculating the chance that Attackers might succeed, so you know how much effort to spend defending against them. There may be many different ways that you might lose control of, or access to, your data, but some of them are less likely than others. Risk Assessment means deciding which Attacks you are going to take seriously, and which may be too rare, too harmless, or too difficult to combat to worry about. The Risks that are considered Acceptable risk
Within the context of Information security there are two types of risk that companies face:
- Real Risk
- Regulatory Risk

Of course these may overlap, and any given risk may be both a Real Risk and a Regulatory Risk.

Threat Model#
Risk Assessment is performed by creating a Threat Model.

Risk Assessment and Authentication#
The Risk Assessment for an Authentication failure that would allow an Unauthorized entity Access to a Protected Resource depends on the Magnitude of the Potential loss of the Protected Resource or Disclosure of the Protected Data. The Probability of Loss occurrence appears to be high within the Threat landscape.
Risk Assessment within the API Economy, where almost all Protected Resources are accessible programmatically and Credential Leakage may occur from many DataStores, adds to the Complexity of Authentication.
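As an added worked example (not Ldapwiki content), the following Python scores a small Threat Model both quantitatively and qualitatively. It uses the standard product form R = L × p for the two components named above (the page names L and p but does not write the formula out), buckets p and L into Likelihood and Impact bands for a qualitative 3×3 rating, and splits threats into those to take seriously and those at or below an Acceptable risk threshold. The threat names, loss figures, probabilities and band thresholds are constructed for illustration; the Authentication failure and Credential Leakage entries echo the Authentication section but carry invented numbers.

```python
from dataclasses import dataclass

# Added example, not Ldapwiki content. All threat names, loss figures,
# probabilities and band thresholds below are constructed for illustration.


@dataclass(frozen=True)
class Threat:
    name: str
    loss: float         # L: Magnitude of the Potential loss (Impact), currency units
    probability: float  # p: Probability of Loss (Likelihood) in the assessment period, 0..1


def risk(threat: Threat) -> float:
    """Quantitative risk R = L * p: the expected loss from one Unfortunate event."""
    if not 0.0 <= threat.probability <= 1.0:
        raise ValueError(f"{threat.name}: probability must lie within [0, 1]")
    if threat.loss < 0:
        raise ValueError(f"{threat.name}: loss cannot be negative")
    return threat.loss * threat.probability


def _band(value: float, medium_from: float, high_from: float) -> int:
    """Map a value onto an ordinal band: 1 = Low, 2 = Medium, 3 = High."""
    if value >= high_from:
        return 3
    if value >= medium_from:
        return 2
    return 1


def qualitative(threat: Threat) -> str:
    """Qualitative rating from a 3x3 Likelihood x Impact matrix.

    The band thresholds are assumptions for this example; a real assessment
    takes them from the organisation's own Risk Parameters.
    """
    likelihood = _band(threat.probability, medium_from=0.1, high_from=0.5)
    impact = _band(threat.loss, medium_from=10_000, high_from=100_000)
    score = likelihood * impact  # 1..9
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def assess(threats, acceptable_risk: float):
    """Rank threats by R and split them into those to take seriously and those
    accepted because R is at or below the Acceptable risk threshold."""
    ranked = sorted(threats, key=risk, reverse=True)
    serious = [t for t in ranked if risk(t) > acceptable_risk]
    accepted = [t for t in ranked if risk(t) <= acceptable_risk]
    return serious, accepted


# Constructed threat model (values invented for the example).
THREATS = [
    Threat("Authentication failure exposes a Protected Resource", loss=250_000, probability=0.4),
    Threat("Credential Leakage from a third-party DataStore", loss=150_000, probability=0.6),
    Threat("Insider misuse of Protected Data", loss=500_000, probability=0.05),
    Threat("Theft of an encrypted offline backup", loss=20_000, probability=0.01),
]

ACCEPTABLE_RISK = 5_000  # assumed threshold: expected loss per period we tolerate


if __name__ == "__main__":
    serious, accepted = assess(THREATS, ACCEPTABLE_RISK)
    print("Take seriously:")
    for t in serious:
        print(f"  R={risk(t):>10,.0f}  {qualitative(t):6}  {t.name}")
    print("Accepted:")
    for t in accepted:
        print(f"  R={risk(t):>10,.0f}  {qualitative(t):6}  {t.name}")
```

Running the script ranks the Credential Leakage and Authentication failure entries at the top on both scales, while the high-impact but low-likelihood insider case drops to Medium qualitatively and the backup theft falls under the Acceptable risk threshold. The two scales can disagree on ordering, which is why a Threat Model should record both L and p rather than only a combined rating.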
More Information#
There might be more information for this subject on one of the following:
- Adaptive Risk
- Application Authorization Cryptogram
- Assurance Level
- Authenticator Assurance Levels
- Contingency Planning
- Continuity Management
- Covert Redirect Vulnerability
- Data Classification
- Data Security Impact
- HIPAA Security Rule
- IDM Related Compliance Items
- IMA Policies
- Identity Assurance Level
- Level Of Assurance
- M-04-04 Level of Assurance (LOA)
- Magnitude of the Potential loss
- Open Factor Analysis of Information Risk
- Risk
- Risk Management
- Risk Parameter
- SOC 1
- SOC 2
- Strength of Function for Authenticators - Biometrics
- User and Entity Behavior Analytics
- Web Blog_blogentry_010117_1
- [#1] - Risk Assessment - based on information obtained 2016-01-07