In the DREAD methodology of risk analysis in threat analysis, how is the Risk score for each threat calculated?

  A. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)

  B. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)

  C. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)

  D. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)


Correct Option: D
Explanation:

To understand how the Risk score for each threat is calculated in DREAD methodology, the user needs to know the components of the DREAD acronym, which stands for Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. In this method, each component is scored on a scale of 0 to 10, with 10 representing the highest possible value. The scores for each component are then used to calculate the overall risk score for each threat.

Now, let's go through each option and explain why it is right or wrong:

A. Risk score = (Reproducibility * Exploitability * Discoverability) / (Damage potential * Affected users)
This option is incorrect. The formula multiplies Reproducibility, Exploitability, and Discoverability and divides the result by Damage potential and Affected users. The correct formula involves adding up the scores for each of the five components, not multiplying and dividing them.

B. Risk score = (Reproducibility * Exploitability - Discoverability) ^ (Damage potential + Affected users)
This option is incorrect. The formula subtracts Discoverability from the product of Reproducibility and Exploitability, and then raises the result to the power of the sum of Damage potential and Affected users. The correct formula involves adding up the scores for each of the five components, not subtracting and taking the power of them.

C. Risk score = (Reproducibility + Exploitability + Discoverability) / (Damage potential + Affected users)
This option is incorrect. The formula adds Reproducibility, Exploitability, and Discoverability and then divides the result by the sum of Damage potential and Affected users. The correct formula involves adding up the scores for each of the five components, but not dividing them by anything.

D. Risk score = (Reproducibility + Exploitability + Discoverability) * (Damage potential + Affected users)
This option is correct. The formula adds Reproducibility, Exploitability, and Discoverability and then multiplies the result by the sum of Damage potential and Affected users. The correct formula involves adding up the scores for each of the five components, and then multiplying them by each other.

Therefore, the answer is: D
