LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

A "Value at Risk" analysis is meant to answer who/why, what/how, and where/when about a cyberattack. What does each of those questions address?

Who and why = threat types and their motivations; what and how = the type and technical sophistication of the attack; where and when = the organization's vulnerability measured against a cyber-resilience maturity level.

"Who and why" addresses target attractiveness and threat motivation — is this organization a juicy target, and to whom? "What and how" addresses the attacker's technical means and level of sophistication — script-kiddie noise or nation-state precision? "Where and when" addresses exposure as measured by a standard cyber-resilience maturity model — how ready are the defending systems. Answering all three turns a vague fear ("we might get hacked") into a concrete, prioritizable scenario.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jun 20, 2026