Advanced Risk Breakdown – CIA


The advanced risk breakdown gives you the option to input your risk impact using the Confidentiality, Integrity, and Availability (CIA) triad.

Breaking risks down into these components strengthens project resilience. Understanding how risks impact the confidentiality of data, the integrity of processes, and the availability of resources lets project teams address vulnerabilities proactively.


Some organizations require CIA values to be defined and maintained for system-based threat modeling:

  1. Confidentiality means the information is not disclosed to unauthorized users or entities.
  2. Integrity means the information is consistent and not altered without proper approvals in place.
  3. Availability means the information is accessible to the authorized user when required.

You can document the impact a bad actor would have on any of the above properties.

To further aid threat modeling, you can explain the likelihood of an incident by looking at the number of incidents as well as the chance of a successful incident taking place. 

  1. Likelihood of Incident Effectiveness: If a bad actor were to cause an incident, what’s the probability that they would cause meaningful damage? 
  2. Likelihood of Incident: How likely are bad actors to try and break in or cause an incident? For example, the chance that a bad actor will steal from a lemonade stand is low, whereas the chance of bad actors wanting to take down military communication systems is high.

The following screenshot shows the advanced breakdown of inherent risk.

[Screenshot: Advanced Risk Breakdown - CIA]

The business impact and likelihood default to the maximum value rather than the average value. For example, a Severe rating for confidentiality will default the overall business impact to Severe regardless of the values for integrity or availability.
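The maximum-based default described above, worked over a small risk register and compared with averaging. This is an added example, not TrustRegister code. Assumptions: the rating labels other than "Severe", the use of the same scale for both likelihood factors, the field names, and the sample risks are all constructed for illustration.

```python
# Assumed ordinal scale: the page names only "Severe"; the other labels are placeholders.
SCALE = ["Low", "Medium", "High", "Severe"]
RANK = {label: i for i, label in enumerate(SCALE)}


def roll_up(ratings):
    """Return (max_label, avg_label) for a dict of dimension -> rating label."""
    if not ratings:
        raise ValueError("no ratings supplied")
    unknown = [r for r in ratings.values() if r not in RANK]
    if unknown:
        raise ValueError(f"unknown ratings: {unknown}")
    ranks = [RANK[r] for r in ratings.values()]
    # Maximum: the worst single dimension decides the overall value (the default).
    worst = SCALE[max(ranks)]
    # Average rounded to the nearest step, computed only for comparison.
    averaged = SCALE[int(sum(ranks) / len(ranks) + 0.5)]
    return worst, averaged


def assess(risk):
    """Roll up impact (C, I, A) and likelihood (both factors) for one risk."""
    impact, impact_avg = roll_up(risk["impact"])
    likelihood, likelihood_avg = roll_up(risk["likelihood"])
    return {
        "name": risk["name"],
        "impact": impact,
        "likelihood": likelihood,
        # True when averaging would have reported a lower value than the maximum.
        "understated_by_average": impact_avg != impact or likelihood_avg != likelihood,
    }


# Constructed sample register, not taken from the product.
REGISTER = [
    {"name": "Customer database leak",
     "impact": {"confidentiality": "Severe", "integrity": "Low", "availability": "Low"},
     "likelihood": {"incident": "Medium", "incident_effectiveness": "High"}},
    {"name": "Status page outage",
     "impact": {"confidentiality": "Low", "integrity": "Low", "availability": "Low"},
     "likelihood": {"incident": "Medium", "incident_effectiveness": "Medium"}},
]

if __name__ == "__main__":
    for risk in REGISTER:
        print(assess(risk))
```

In the first sample risk, averaging the three impact ratings would report Medium and hide the Severe confidentiality rating, which is the case the maximum-based default is designed to surface.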

Unless you have an obligation to define and measure the impact on any of the CIA principles, the default simple risk breakdown is acceptable.
