Tag Archives: DREAD (Risk Assessment Model)

[Recommended Reading] DREAD (risk assessment model)

Source: DREAD (Risk Assessment Model)

DREAD is part of a system for risk-assessing computer security threats that was previously used at Microsoft and is currently used by OpenStack and many other corporations. It provides a mnemonic for risk-rating security threats using five categories.

The categories are:

  • Damage – how bad would an attack be?
  • Reproducibility – how easy is it to reproduce the attack?
  • Exploitability – how much work is it to launch the attack?
  • Affected users – how many people will be impacted?
  • Discoverability – how easy is it to discover the threat?

Filed under InfoSec, Recommendations