Does "risk score" always have to be a numerical value?
In the context of organisational IT security, for a threat such as the insider threat, is it actually okay to report (in a risk assessment) as "Risk Score=Medium" or does "risk score" always have to be of an numerical v… Continue reading Does "risk score" always have to be a numerical value?