Page 20 - Ghost Digital
P. 20

Risk Controls and their dynamics



                  The system starts by taking a risk and with no controls in place estimates the likelihood and impact
                  from which an algorithm calculates its UTM. We call this the “Raw” UTM. As each control is put in place
                  then either the likelihood, the impact or both are reduced. This calculates a lower UTM. The more controls
                  put in place the lower the UTM and the difference between RAW UTM and Current UTM in percentage
                  terms is called the overall mitigation effectiveness. Controls can be in four states. They can be “draft”










































































  20
   15   16   17   18   19   20   21   22   23   24   25