Abstract
There is no universal agreement on how to measure risk. The definition of risk in ISO 31000, for example, comes with five notes, each defining risk in a slightly different way. Traditionally, risk value is a function of two factors, namely likelihood and consequence. However, within the field of cybersecurity, three-factor and many-factor definitions are gaining popularity. This chapter discusses the different alternatives and provides advice on when to use which.
Copyright information
© 2015 The Author(s)
About this chapter
Cite this chapter
Refsdal, A., Solhaug, B., Stølen, K. (2015). Which Measure of Risk Level to Use?. In: Cyber-Risk Management. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-23570-7_11
DOI: https://doi.org/10.1007/978-3-319-23570-7_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23569-1
Online ISBN: 978-3-319-23570-7
eBook Packages: Computer Science, Computer Science (R0)