GDPR questions and answers

Category: Risk

What basis should be adopted for calculating probability?

ANSWER

Under ISO/IEC 27005, likelihood (the standard's term for probability) is assessed from the available evidence rather than guessed: the history of incidents in the organisation and in comparable organisations, the vulnerabilities present in the systems concerned, the threat level (including the motivation and capability of the threat source), and the effectiveness of the security controls already in place.

ENISA, meanwhile, emphasises that the probability of a threat should not be treated as a fixed value but as a variable that depends on many factors, such as vulnerabilities, the effectiveness of safeguards, and the organisation's operational context. ENISA recommends combining qualitative methods (for example, an assessment based on past experience) with quantitative methods, where it is possible to assign specific numerical values derived from statistical analysis, threat models, and observed cybersecurity trends.

In its guidelines, ENISA also stresses the importance of monitoring the changing threat landscape, because only then can the probability be reassessed dynamically as it changes over time.
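To make the quantitative side of this concrete, here is a small added example (not a method taken from ISO/IEC 27005 or the ENISA guidelines, and not code from the original page) that derives an annual probability of at least one incident from a historical incident list, adjusts it for the effectiveness of the controls now in place, and maps the result onto a qualitative scale. The incident dates, the 60% control effectiveness and the low/medium/high band boundaries are constructed assumptions chosen for illustration; a real assessment would take the dates from the incident register and the band boundaries from the organisation's risk methodology.

```python
"""Estimate incident probability from historical data and control effectiveness.

Added illustration of the quantitative approach discussed above. It is NOT a
procedure prescribed by ISO/IEC 27005 or ENISA. All input data below is
constructed sample data.
"""
from datetime import date
from math import exp

# Constructed sample data: dates of past incidents of one type (hypothetical).
INCIDENTS = [date(2021, 3, 4), date(2021, 11, 20), date(2022, 6, 2), date(2023, 1, 15)]
OBSERVATION_START = date(2021, 1, 1)
OBSERVATION_END = date(2023, 12, 31)

# Qualitative likelihood bands (assumed scale, upper bound inclusive).
BANDS = [(0.10, "low"), (0.50, "medium"), (1.0, "high")]


def incident_rate(incidents, start, end):
    """Average number of incidents per year over the observation window."""
    years = (end - start).days / 365.25
    if years <= 0:
        raise ValueError("observation window must be positive")
    return len(incidents) / years


def residual_rate(base_rate, control_effectiveness):
    """Scale the historical rate by the fraction of attempts the current controls stop.

    control_effectiveness is an assumed figure in [0, 1]; 0.0 means the controls
    have not changed since the incidents occurred, so the historical rate stands.
    """
    if not 0.0 <= control_effectiveness <= 1.0:
        raise ValueError("control_effectiveness must be between 0 and 1")
    return base_rate * (1.0 - control_effectiveness)


def probability_of_at_least_one(rate, horizon_years=1.0):
    """P(at least one incident within the horizon), modelling arrivals as Poisson."""
    if rate < 0 or horizon_years < 0:
        raise ValueError("rate and horizon must be non-negative")
    return 1.0 - exp(-rate * horizon_years)


def qualitative_level(probability):
    """Map a numeric probability onto the qualitative scale in BANDS."""
    for upper, label in BANDS:
        if probability <= upper:
            return label
    return BANDS[-1][1]


def assess(incidents, start, end, control_effectiveness, horizon_years=1.0):
    """Full chain: historical rate -> residual rate -> probability -> level."""
    base = incident_rate(incidents, start, end)
    adjusted = residual_rate(base, control_effectiveness)
    p = probability_of_at_least_one(adjusted, horizon_years)
    return {
        "base_rate": base,
        "residual_rate": adjusted,
        "probability": p,
        "level": qualitative_level(p),
    }


if __name__ == "__main__":
    # Same incident history, before and after a (hypothetical) control improvement
    # estimated to stop 60% of the attempts that previously succeeded.
    for label, eff in (("unchanged controls", 0.0), ("controls now 60% effective", 0.6)):
        result = assess(INCIDENTS, OBSERVATION_START, OBSERVATION_END, eff)
        print(f"{label}: rate {result['residual_rate']:.2f}/yr, "
              f"P(>=1 in a year) {result['probability']:.2f}, level {result['level']}")
```

The point the ENISA guidance makes is visible in the output: the same incident history gives a "high" likelihood while the controls are unchanged and a "medium" one once the improved controls are accounted for, and both figures drift as the observation window moves and new incidents (or new threat intelligence) arrive, which is why the assessment has to be re-run rather than fixed once.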
