Ahmed Khatib
Sun, 06 Nov 2016 18:38:19 GMT
Slight Correct in the forumla: Hence Risk = Vulnerability * Threat * Asset.
Suppose ,if I use Webserver with IIS server 6.0, then threat is attacker, threat agent is iis server, vulnerability is weakness in iis server and risk is compromise of server. Am I getting things right
> @Ahmed Khatib Slight Correct in the forumla: Hence Risk = Vulnerability x Threat x Asset.
Threat Agent is not IIS server. It is medium/tool/ technique used to carry out the attack. Threat Agent : How the server was compromised? By the use of SQL Injection Or CSRF or XSS. Hope it is clear
Perfect, got it thanks