Over the years, we've received a number of inquiries about the OWASP Risk Rating Methdology with some contention around how we have integrated it into SimpleRisk. Some have questioned how SimpleRisk reaches its final risk score while others have pointed to differences in the Skill Level values. Let's delve into this...
Normalizing Risk Scoring Across Different Methodologies
If the "textbook" definition of risk scoring is Risk = Likelihood x Impact, then a Severe (5) impact and an Almost Certain (5) likelihood should have a score of 25, right? The answer isn't quite so simple...
Risk Management for Dummies
Today I had a really interesting conversation with a guy from Japan via LinkedIn. It started with him trying to sell me...
How Does an Asset's Value Affect Your Risk?
Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...
