The Risk Score is one of the vendor scores. It is instrumental for understanding the total risk of a vendor. It gives an overall measure of a vendor's risk, obtained by combining the Impact Score with the Trust Score.
Methodology
(Impact Score + (100 - Trust Score)) / 2 = Risk Score
Possible combinations:
Combination: Low Impact + Low Trust
Risk Details:
Low to Medium Risk
A vendor is a low business risk to the organization and doesn’t supply enough evidence to support that they have a strong security posture. It’s a low-risk vendor.
Combination: High Impact + Low Trust
Risk Details:
High Risk
A vendor is a high business risk to the organization but doesn’t supply enough evidence to support that they have a strong security posture. They are considered high risk.
Combination: High Impact + High Trust
Risk Details:
Low to Medium Risk
A vendor is a high business risk to the organization and supplies abundant evidence to support that they have a strong security posture. They are still a risk but there’s enough confidence they have a security focus.
- January 31, 2025: Separated from Vendor Scoring: Trust, Impact, & Risk.