After this lesson, you will be able to: Identify assets, model threats, score risk on a likelihood-impact matrix.
Risk assessment is structured: catalog what you have, what threatens it, how likely × how bad, plot on a matrix, prioritize.
1. Asset inventory, what do we own that's worth protecting?
2. Threat modeling, what could go wrong (STRIDE, kill chain)?
3. Vulnerability identification, pen tests, scans, audits.
4. Likelihood scoring, frequency × exposure × control gaps.
5. Impact scoring, financial, regulatory, reputational.
6. Plot on 5x5 matrix → prioritize top-right (high/high).
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. For each component, walk through STRIDE and note plausible threats.
What do you do?
Sign in and purchase access to unlock this lesson.