ID.RA-04 - Assessing Threat Impact and Likelihood
ID.RA-04 requires assessing and documenting the likelihood and potential impacts, such as data breaches or system failures, of threats exploiting identified vulnerabilities. Business and cybersecurity teams work together to estimate risk scenarios and their consequences, and record the results in tools like risk registers. The result is a clear picture of risk severity and scope.
This subcategory informs prioritization by quantifying how threats could disrupt operations or cascade across systems, which in turn guides resource allocation. It ensures that risk assessments reflect real-world implications, such as financial or reputational loss. ID.RA-04 connects vulnerability identification to actionable risk insights.
