engines-wafu / sqirm

Simple risk management tool
MIT License

Calculations for control score #18

Closed engines-wafu closed 6 years ago

engines-wafu commented 6 years ago
  1. Criticality:
    • Redundant Y/N.
    • No. of threats and consequences.
  2. Effectiveness:
    • No. of open actions and issues.
    • Linked to KPI score.
    • Use subjective WRAG.

engines-wafu commented 6 years ago

Dependent on knowing the KPI score at issue #17 and on actions and issues being in place at issue #14.

engines-wafu commented 6 years ago

criticality = []:

if (redundant == 1) {
    criticality = 1
} else {
    criticality = (linked threats + linked consequences) / (total threats + total consequences)
}

engines-wafu commented 6 years ago

k_n = kpis
k_1 = green threshold
k_2 = amber threshold
k_3 = red threshold
n_ct = number of controls, total
n_c = number of controls, associated
n_e = number of controls, exclusive
n_it = number of issues, total
n_i = number of issues, associated
s = subjective score (red = 0.1, amber = 0.5, green = 0.1)
c = criticality score
e = effectiveness score

c = ( n_c . n_e ) / n_ct^2

e = s . ( ( sum_1^3 [k_n] - k_3 ) / sum_1^3 [k_n] ) . ( (n_t - n_i) / n_t )
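
An added example, not part of the original thread and not sqirm's own code: both criticality proposals and the effectiveness formula from the comments above, in Python, with the zero-denominator and range cases the formulas leave open. Function and parameter names are hypothetical. Assumptions: `n_t` in the formula is read as `n_it`, the issue factor is taken as 1 when no issues are recorded, and `s` is passed in as a number between 0 and 1.

```python
def _ratio(num, den, name):
    """Divide after the range checks the thread's formulas leave implicit."""
    if den <= 0:
        raise ValueError(f"{name}: denominator must be positive, got {den}")
    if not 0 <= num <= den:
        raise ValueError(f"{name}: numerator {num} outside 0..{den}")
    return num / den


def criticality_linked(redundant, linked_threats, linked_consequences,
                       total_threats, total_consequences):
    """Earlier proposal: 1 if redundant, else linked share of threats + consequences."""
    if redundant:
        return 1.0
    return _ratio(linked_threats + linked_consequences,
                  total_threats + total_consequences, "criticality")


def criticality(n_c, n_e, n_ct):
    """Later proposal: c = (n_c . n_e) / n_ct^2."""
    return _ratio(n_c, n_ct, "n_c/n_ct") * _ratio(n_e, n_ct, "n_e/n_ct")


def effectiveness(s, k, n_i, n_it):
    """e = s . ((sum k_n - k_3) / sum k_n) . ((n_t - n_i) / n_t).

    Assumption: n_t in the formula is n_it from the definitions.
    Assumption: with no issues recorded (n_it == 0) the issue factor is 1.
    """
    if not 0 <= s <= 1:  # assumption: subjective score is a weight in 0..1
        raise ValueError(f"s must be within 0..1, got {s}")
    k_1, k_2, k_3 = k  # green, amber, red thresholds
    kpi_factor = _ratio(k_1 + k_2, k_1 + k_2 + k_3, "kpi")
    issue_factor = 1.0 if n_it == 0 else _ratio(n_it - n_i, n_it, "issues")
    return s * kpi_factor * issue_factor


if __name__ == "__main__":
    # Constructed sample values, not taken from the project.
    print("c (linked):", criticality_linked(False, 1, 2, 4, 8))
    print("c (controls):", criticality(n_c=2, n_e=1, n_ct=4))
    print("e:", effectiveness(s=0.5, k=(1, 1, 2), n_i=1, n_it=4))
```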

engines-wafu commented 6 years ago

Opening to implement.

engines-wafu commented 6 years ago

Need to link KPIs to controls.

engines-wafu commented 6 years ago

Need to link controls to actions.