This is the final part of the description of the risk machine. It shows how the complete risk assessment according to probability of risk occurence and financial impact is summarized:
All basic scenarios either for the availability or the security branch are specified according to probability, total financial impact and the resultant expeted value. You can easiliy identifiy which scenario has the highest probability and/or the highest expected value or can be neglected at all.
This model has been tested with real risks and has proven that is works well in the technical IT environment. But I am sure that it could be adapted also to other categories of risks.
sharkunicorn 