Problem: Imagine you are a security engineer who has analyzed a software platform / app and uncovered a security vulnerability.
Your analysis has concluded the following:
-- The vulnerability can be discovered through reasonably simple network data analysis / traces or diagnostics
-- If exploited, it could affect some users but not all
-- It is not too difficult to exploit, as some malware / attack scripts may already exist
-- It can be reproduced / replicated with reasonable steps to show that it is real and can happen
-- The damage may be to user data but is not necessarily system-wide
Answer the following:
Q1) With this assessment, determine the Risk score of this scenario.
Q2) Write down specifically how you arrived at the Risk score.