- Key: SPECTRA-26
- Status: open
- Source: KDM Analytics (Dr. Nikolai Mansourov)
- Summary:
  SPECTRA review 16-05-2025
  • “Risk” -
    o This definition does not match any standard definition of risk I know of - I suggest using a standard definition, such as from one of the referenced NIST documents or from the OMG RAAML specification, for such a common term to avoid confusion.
    o This is one place where I believe SPECTRA should leverage RAAML. RAAML is a broader language for modeling risk and risk mitigation. SPECTRA could add a specific “cyber risk” and “cyber risk mitigation” perspective on top of that.
    o Every other definition of risk includes a combination of impact and likelihood. This definition only mentioned impact. Risk without likelihood is just impact.
    o This definition also more correctly describes the term “cyber risk” not “risk” which is a much broader concept than just cybersecurity.
- Reported: SPECTRA 1.0a1 — Mon, 26 May 2025 15:51 GMT
- Updated: Mon, 2 Jun 2025 15:41 GMT