Risk Methodology
Threat Scenario Construction
Each risk scenario includes:
- Threat source
- Attack vector
- Target asset
- Potential impact
Example:
Unauthorized access to VPS via exposed service → Threat: External attacker → Impact: Service compromise, data exposure
Risk Evaluation
Risk level determined through:
- Likelihood (Low / Medium / High)
- Impact (Low / Medium / High)
The evaluation remains qualitative at this stage.
Review Cycle
Risk analysis is updated when:
- New infrastructure components are added
- New services are exposed
- Significant configuration changes occur