LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

In a "Value at Risk" view of cyber risk, which three high-level factors combine to determine the risk to an asset?

Vulnerability, Assets, and Profile of Attacker — together they answer who/why, what/how, and where/when an attack happens.

Value at Risk hub with three spokes: Vulnerability, Assets, Attacker Profile.

* Value at Risk — three factors combine: Vulnerability (where/when), Assets (what/how), Attacker Profile (who/why). *

Value at Risk decomposes cyber risk into three buckets. Vulnerability covers existing weaknesses, the maturity of defending systems, and the number of successful past breaches. Assets splits into tangible and intangible value. Profile of Attacker covers the type of attackers, the type of attacks, and their tactics and motivations. WHY this framing: it forces you to reason about all three at once — a weak system (vulnerability) holding crown-jewel data (asset) facing a motivated state actor (attacker profile) is the scenario worth your budget, not a hardened system holding nothing.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jun 20, 2026