Home

probre

Probre is a term used in risk analysis to describe a composite risk measure that combines the probability of an adverse event with the severity of its consequences over a specified time horizon. It is designed to yield a single, comparable score to facilitate prioritization and resource allocation.

Etymology and history: The word is a portmanteau of probability and breach (or risk of breach) and

Computation and interpretation: In its simplest form, Probre is the product of a probability p (0 ≤

Applications: Probre is used for prioritizing cybersecurity controls, evaluating project risks, and environmental or operational risk

Limitations: As a simplification, Probre reduces multi-dimensional risk to a single number and depends on how

See also: Risk assessment, Expected value, Risk matrix, Cybersecurity risk, Probability.

originated
in
cybersecurity
risk
literature
in
the
late
2010s,
with
broader
adoption
in
risk-management
discussions.
p
≤
1)
and
an
impact
i
(0
≤
i
≤
1
or
0–100),
i.e.,
Probre
=
p
×
i.
When
expressed
on
a
0–100
scale,
Probre
serves
as
a
percentage-like
risk
measure.
Some
approaches
adjust
for
time
horizon
or
incorporate
distributions,
using
expected
value
or
Monte
Carlo
estimates.
A
higher
Probre
value
indicates
greater
risk.
The
measure
is
commonly
interpreted
as
the
expected
severity
of
loss
per
period,
given
the
likelihood
of
the
event.
assessments.
Example:
if
the
probability
of
a
data
breach
within
a
year
is
0.05
and
the
impact
score
is
0.8,
Probre
=
0.04
(or
4%
on
a
0–1
scale).
probability
and
impact
are
defined
and
estimated.
It
can
obscure
distribution
shapes
and
interdependencies,
so
it
is
typically
used
alongside
other
tools
such
as
risk
matrices
and
scenario
analysis.