V{{rule.chapter}} - {{getChapterTitle(rule.chapter)}}

V{{rule.chapter}}.{{rule.nr}} - {{rule.title}}

PASS FAIL

How has this been verified (give a specific instance).

Why can this not be verified?

Threat agent factors

Vulnerability factors

Technical Impact

Business Impact

Threat agent factors

Vulnerability factors

Skill level	{{rule.risk.factors.likelihood.threatAgent.skillLevel}}
Motive	{{rule.risk.factors.likelihood.threatAgent.motive}}
Opportunity	{{rule.risk.factors.likelihood.threatAgent.opportunity}}
Size	{{rule.risk.factors.likelihood.threatAgent.size}}

Ease of discovery	{{rule.risk.factors.likelihood.vulnerability.easeOfDiscovery}}
Ease of exploit	{{rule.risk.factors.likelihood.vulnerability.easeOfExploit}}
Awareness	{{rule.risk.factors.likelihood.vulnerability.awareness}}
Intrusion detection	{{rule.risk.factors.likelihood.vulnerability.intrusionDetection}}

Average: {{rule.risk.factors.likelihood.threatAgent | ravg}}

Average: {{rule.risk.factors.likelihood.vulnerability | ravg}}

Overall likelihood {{rule.risk.factors.likelihood | ravg}}

Technical Impact

Business Impact

Loss of confidentiality	{{rule.risk.factors.impact.technical.lossOfConfidentiality}}
Loss of integrity	{{rule.risk.factors.impact.technical.lossOfIntegrity}}
Loss of availability	{{rule.risk.factors.impact.technical.lossOfAvailability}}
Loss of accountability	{{rule.risk.factors.impact.technical.lossOfAccountability}}

Financial damage	{{rule.risk.factors.impact.business.financialDamage}}
Reputation damage	{{rule.risk.factors.impact.business.reputationDamage}}
Non-compliance	{{rule.risk.factors.impact.business.nonCompliance}}
Privacy violation	{{rule.risk.factors.impact.business.privacyViolation}}

Average: {{rule.risk.factors.impact.technical | ravg}}

Average: {{rule.risk.factors.impact.business | ravg}}

Overall impact {{rule.risk.factors.impact | ravg}}

Risk = Likelihood * Impact

{{rule.risk.factors | ravg}} = {{rule.risk.factors.likelihood | ravg}} * {{rule.risk.factors.impact | ravg}}