Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)
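| Likelihood (Weight Factor) | Magnitude of Impact: 10 | Magnitude of Impact: 50 | Magnitude of Impact: 100 |
|---|---|---|---|
| 1.0 | Low Risk (10 x 1.0 = 10) | Medium Risk (50 x 1.0 = 50) | High Risk (100 x 1.0 = 100) |
| 0.5 | Low Risk (10 x 0.5 = 5) | Medium Risk (50 x 0.5 = 25) | Medium Risk (100 x 0.5 = 50) |
| 0.1 | Low Risk (10 x 0.1 = 1) | Low Risk (50 x 0.1 = 5) | Low Risk (100 x 0.1 = 10) |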
Risk was calculated as follows:
High (100)
Loss of confidentiality, integrity, or availability will have a critical or severe effect on the university’s operations, assets, and individuals.
· A denial-of-service attack will prevent legitimate users from gaining access to resources; for example, students will be unable to access their academic records.
· Major damage to the university’s image after an attack.
· Closure of business after an attack.
Medium (50)
Loss of confidentiality, integrity, or availability will have a significant effect on the university’s operations, assets, and individuals.
· Significant financial loss due to an attack on the communication devices or third-party services
· Significant disruption of services
Low (10)
Loss of confidentiality, integrity, or availability will have a limited effect on the university’s operations, assets, and individuals.
· Minor financial loss
· Minor disruption in operations
Magnitude of Impact
Likelihood (Weight Factor)
The threat source is highly capable and highly motivated, the asset value is high, and the controls to prevent the vulnerability from being exploited are inadequate.
The threat source is capable and motivated, the asset value is moderate, and the controls to prevent exploitation of the vulnerability may be in place.
The threat source lacks capability and intent, the asset value is low, and the controls are in place to prevent attacks.
And the following definitions:
Risk = Threat Likelihood x Magnitude of Impact
In determining risks associated with the university, we utilized the following model for classifying risk: