Solved

Residual Risk

  • 22 November 2022
  • 4 replies
  • 24 views

Userlevel 4
Badge +2

How does Residual Risk get calculated and displayed within the ThreatModeler Platform?

icon

Best answer by nikunj.nagalia 1 December 2022, 20:06

View original

4 replies

Userlevel 5
Badge +3

Great question, Amir! One of our experts will be getting back to you shortly. @Yash.Raichura, can you answer this question for us? Thanks!

Kristen

Badge

Hi Kristen, 

Thanks for reaching out.

I am not sure if we calculate residual risk on the platform but i would ask @nikunj.nagalia  if he can answer this question.

Residual Risk should be what is left after seceurity requirements are implemented -- Please what is the status of this topic. It is an interesting question. 

Userlevel 2
Badge +1

@lion you’re spot on. While there are tools (such as the CVSS) to calculate a more in-depth risk of a vulnerability/weakness, from a threat perspective, the “calculation” part in my opinion becomes more of an art, than a direct science.

For me, I would look at how well my Security requirements have been implemented, and looking at those statuses, identify the appropriate risk profile of a threat.

Reply