View on GitHub

oisru

Repository for the Open Information Security Risk Universe

Frequency Risk Factors

Risk Factors are estimable values that are correlational but may not be directly causal to the risk. An increase in a risk factor may not directly drive an increase in the risk but is indicative of an increase of the risk and will be useful for better informing expert estimation of the overall risk. A positively correlated risk factor increases as the risk increases.

Frequency risk factors are relevant to the estimation of the frequency, or likelihood, by which a risk is expected to occur.

External Frequency Risk Factors

External Frequency Risk Factors are risk factors that are outside of your scope of control that may affect frequency of the risks you manage.

These are stated as questions to ask yourself or your organisation. The ability to estimate or measure these risk factors will vary between organisations.

Internal Frequency Risk Factors

Internal Frequency Risk Factors are risk factors that are within your scope of control and that may affect the frequency of the risks you manage. These are factors that can be subject to an internal control.