
Risks and their management

Within the framework of the National eGovernment Architecture, we support the reduction or elimination of risks through recommendations and methodological materials produced by the NCGIB:

Risk calculation

The risk level of each asset is calculated with the following equation:

Risk = Impact × Threat × Vulnerability

The resulting risk is given as a percentage. Risk is the arithmetic average of the other attributes included, that is, the arithmetic average of the impact, threat and vulnerability values. To determine the resulting risk level, it is first necessary to determine the value ratios of these attributes.

Rating Scale

At the outset, we need to answer the following questions:

It is up to you how you answer these questions. For example, you may choose a three-level rating (low-medium-high), a rating based only on percentages (25%, 50%, 75%), or a rating based on abbreviations, letters or statuses (alpha, bravo, charlie…). In any case, you must be able to express all grades, whatever you call them, in numerical form so that you can calculate the resulting risk. A classic four-stage status scale might look like this:
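An added example, not from the original page: it expresses grades written as labels, status words, percentages or plain numbers in numerical form and computes each asset's risk both as the product from the equation and as the arithmetic average described in the text, so the two results can be compared. The four levels, their numeric values, the alias names and the asset register are constructed for illustration.

```python
from statistics import mean

# Constructed four-level scale (assumption, not the page's table): label -> fraction
SCALE = {"low": 0.25, "medium": 0.50, "high": 0.75, "critical": 1.00}
# Constructed status-word aliases (assumption) mapped onto the same scale
ALIASES = {"alpha": "low", "bravo": "medium", "charlie": "high", "delta": "critical"}

def to_number(grade):
    """Express a grade (label, status word, '75%' or a 0..1 number) as a fraction."""
    if isinstance(grade, (int, float)) and not isinstance(grade, bool):
        value = float(grade)
    else:
        text = str(grade).strip().lower()
        text = ALIASES.get(text, text)
        if text in SCALE:
            value = SCALE[text]
        elif text.endswith("%"):
            value = float(text[:-1]) / 100.0
        else:
            raise ValueError(f"unknown grade: {grade!r}")
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"grade out of range: {grade!r}")
    return value

def risk(impact, threat, vulnerability):
    """Return (product, arithmetic average) of the three attributes, in percent."""
    vals = [to_number(g) for g in (impact, threat, vulnerability)]
    product = vals[0] * vals[1] * vals[2]
    return round(product * 100, 1), round(mean(vals) * 100, 1)

def rank(assets):
    """List (asset, product %, average %) sorted by product risk, highest first."""
    rows = [(name, *risk(*grades)) for name, grades in assets.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample register: asset -> (impact, threat, vulnerability)
ASSETS = {
    "citizen-portal": ("high", "75%", "bravo"),
    "internal-wiki": ("low", "medium", "charlie"),
    "identity-provider": ("delta", "high", 0.5),
}

if __name__ == "__main__":
    for name, product, average in rank(ASSETS):
        print(f"{name:18} product={product:5.1f}%  average={average:5.1f}%")
```

Whichever of the two calculations you adopt, apply it to every asset: the product shrinks quickly when any single attribute is low, while the average does not, so results from the two are not comparable with each other.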