Computer Science Grade 10 20 min

Risk Assessment

1. Introduction & Learning Objectives

Learning Objectives

- Define the core components of risk: assets, threats, vulnerabilities, likelihood, and impact.
- Identify potential assets, threats, and vulnerabilities in a given computer system scenario.
- Apply the qualitative risk formula (Risk = Likelihood × Impact) to calculate a risk score.
- Use a risk matrix to categorize and prioritize different cybersecurity risks.
- Differentiate between a threat and a vulnerability.
- Analyze a simple system, such as a web application or database, and propose a list of potential risks.

Your new social media app has 10,000 users! 🥳 But what if a hacker steals their passwords? How do you decide what to protect first? Risk Assessment is the process of identifying, analyzing, and evaluating what could go wrong with our computer systems....
2. Key Concepts & Vocabulary

| Term | Definition | Example |
| --- | --- | --- |
| Asset | Anything of value to an organization or individual that needs protection. | For a school, the student grades database is a critical asset. For a gamer, their account with rare in-game items is an asset. |
| Threat | Any potential event or actor that could cause harm to an asset. | A malicious hacker attempting to breach a network, a server power outage, or an employee accidentally deleting a file. |
| Vulnerability | A weakness or gap in a system's security that a threat can exploit to cause harm. | A web server that hasn't been updated with the latest security patches, or a database that allows for SQL injection attacks. |
| Likelihood | The probability or chance that a specific threat will exploit a specific vulnerability. | The likelihood of a phishing attack targeting school emplo... |
3. Core Syntax & Patterns

Qualitative Risk Calculation Formula

Risk = Likelihood × Impact

This is the fundamental formula for calculating a risk score. Likelihood and Impact are typically rated on a numerical scale (e.g., 1-5) or with qualitative labels (Low, Medium, High). The resulting score helps prioritize which risks to address first.

The Risk Assessment Process

1. Identify Assets -> 2. Identify Threats & Vulnerabilities -> 3. Analyze Likelihood & Impact -> 4. Calculate & Prioritize Risk

This is the step-by-step mental model for performing a risk assessment. Following this order ensures a structured and thorough analysis, preventing you from missing crucial steps.

The Risk Matrix

A grid with Likelihood on one axis and Impact on the other. The cells are color-coded (e.g...
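The scoring, matrix and prioritization steps above, written as a small risk register in Python. This is an added example, not part of the tutorial: the register entries are constructed, and the band thresholds (Low 1-5, Medium 6-14, High 15-25) and the review flag for maximum-impact risks are assumptions, since the tutorial's own matrix is not shown here.

```python
from dataclasses import dataclass

# Assumed score bands for a 5x5 matrix (lowest score in band, label).
BANDS = [(15, "High"), (6, "Medium"), (1, "Low")]

@dataclass
class Risk:
    asset: str           # step 1: what we are protecting
    threat: str          # step 2: what could cause harm
    vulnerability: str   # step 2: the weakness the threat would use
    likelihood: int      # step 3: 1 (rare) .. 5 (almost certain)
    impact: int          # step 3: 1 (negligible) .. 5 (severe)

    def __post_init__(self):
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be 1-5, got {value}")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact  # Risk = Likelihood x Impact

    @property
    def band(self) -> str:
        return next(label for floor, label in BANDS if self.score >= floor)

    @property
    def needs_review(self) -> bool:
        # A rare but severe event gets a low score; flag it (assumed convention).
        return self.impact == 5 and self.band != "High"

def prioritize(risks):
    # Step 4: highest score first, ties broken by higher impact.
    return sorted(risks, key=lambda r: (r.score, r.impact), reverse=True)

def matrix():
    # matrix()[impact - 1][likelihood - 1] gives the band of that cell.
    return [[Risk("", "", "", l, i).band for l in range(1, 6)] for i in range(1, 6)]

# Constructed register for a school network (sample data, not from the tutorial).
REGISTER = [
    Risk("Student grades database", "External attacker", "SQL injection", 4, 5),
    Risk("Web server", "Malware", "Missing security patches", 3, 3),
    Risk("File server", "Ransomware", "No off-site backups", 1, 5),
    Risk("Staff email", "Phishing", "No awareness training", 4, 2),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.score:>2} {r.band:<6} {r.asset}{' (review)' if r.needs_review else ''}")
```
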


Sample Practice Questions

Challenging
A small e-commerce website stores customer data, including credit card information, in a database. The server is not patched, the admin password is 'admin123', and there is no firewall. Which of the following represents the HIGHEST priority risk to assess?
A. A power outage causing the website to go down for an hour (Likelihood: Low, Impact: Medium).
B. A competitor stealing the website's public-facing design (Likelihood: Low, Impact: Low).
C. An external attacker exploiting the weak password and unpatched server to steal all customer credit card data (Likelihood: High, Impact: Critical).
D. An employee accidentally misspelling a product description (Likelihood: High, Impact: Low).
Challenging
A system administrator states, 'We haven't been targeted by ransomware in 10 years, so the likelihood is extremely low. We don't need to invest in advanced off-site backups.' What is the primary flaw in this reasoning, according to the tutorial's common pitfalls?
A. The administrator is confusing a threat with a vulnerability.
B. The administrator is correctly identifying a low-risk scenario that requires no action.
C. The administrator is underestimating a high-impact risk based on its low likelihood, ignoring the potential for catastrophic damage.
D. The administrator is focusing on a malicious threat while ignoring accidental threats.
Challenging
A company has a limited budget and can only address one of two risks this quarter. Risk X is a web server vulnerability with L=5, I=3 (Risk Score=15). Fixing it costs $500. Risk Y is a database flaw with L=4, I=5 (Risk Score=20). Fixing it costs $5,000. What is the best course of action based on risk assessment principles?
A. Fix Risk Y, because it has a higher risk score and represents a more critical potential impact, despite the higher cost.
B. Fix Risk X, because it has the highest likelihood and is cheaper to fix.
C. Fix neither, as both fixes are too expensive for the budget.
D. Fix Risk X ten times, as this equals the cost of fixing Risk Y.
