Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Risk Analytics and Measurement CRA

Terminology

Assessment: The action of evaluating, estimating, or judging against defined criteria. Different types of assessment (qualitative, quantitative, and semi-quantitative) are used to assess risk. Some types of assessment yield measures

Assessment Result(s): Output or outcome of an assessment.

Qualitative Assessment: Uses of a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels. [Source: SP 800-30]

Quantitative Assessment: Uses a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment. [Source: SP 800-30]

Semi-Quantitative Assessment: Uses of a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts. [Source: SP 800-30

Measurement: The process of obtaining quantitative values using quantitative assessment.

Measures: Quantifiable and objective values resulting from measurement.

Metrics: Measures and assessment results designed to track progress, facilitate decision-making and improve performance with respect to a set target.

 

Created September 07, 2018, Updated January 18, 2024