Abstract
There is no universal agreement on how to measure risk. The definition of risk in ISO 31000, for example, comes with five notes, each defining risk in a slightly different way. Traditionally, risk value is a function of two factors, namely likelihood and consequence. However, within the field of cybersecurity, three-factor and many-factor definitions are gaining popularity. This chapter discusses the different alternatives and provides advice on when to use which.
Copyright information
© 2015 The Author(s)
About this chapter
Cite this chapter
Refsdal, A., Solhaug, B., Stølen, K. (2015). Which Measure of Risk Level to Use?. In: Cyber-Risk Management. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-23570-7_11
DOI: https://doi.org/10.1007/978-3-319-23570-7_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23569-1
Online ISBN: 978-3-319-23570-7
eBook Packages: Computer Science, Computer Science (R0)