Understanding Risk-Based Prioritization
Risk-based prioritization is a methodology that evaluates both the likelihood and impact of risks to determine which threats require immediate action.
✅ Why Risk-Based Prioritization?
Focuses on high-impact and high-likelihood risks first.
Helps SOC teams manage alerts effectively and avoid alert fatigue.
Used in SIEM solutions (Splunk ES) and Risk-Based Alerting (RBA).
Example in Splunk Enterprise Security (ES):
A failed login attempt from an internal employee might be low risk (low impact, low likelihood).
Multiple failed logins from a foreign country with a known bad reputation could be high risk (high impact, high likelihood).
❌ Incorrect Answers:
A. Threat modeling → Identifies potential threats but doesn’t prioritize risks dynamically.
C. Incident lifecycle management → Focuses on handling security incidents, not risk evaluation.
D. Statistical anomaly detection → Detects unusual activity but doesn’t prioritize based on impact.
Additional Resources:
Splunk Risk-Based Alerting (RBA) Guide
NIST Risk Assessment Framework