LAWS OF SECURITY

COMMUNICATING RISK

1. RISK UNDERSTANDING

Understand what can go wrong and explain it in the simplest possible way.


2. ATTACK SCENARIO

Support your explanation with a realistic attack scenario. Provide a pragmatic example of how the risk can result in an actual attack.


3. BUSINESS IMPACT

Explain what the impact to the business is if this risk becomes real. At the end of the day, this is the most important thing.




