Glossary · ISO/SAE 21434

Risk Value

ISO/SAE 21434 risk score derived from impact (SFOP) and attack feasibility.

Risk value is the output of risk determination (Annex H) and combines the damage-scenario impact rating with attack feasibility. It drives the risk-treatment decision — accept, share, avoid, or reduce — and the depth of cybersecurity controls applied to each path.

Related terms

Damage Scenario
Description of the harm that occurs when a cybersecurity property of an asset is compromised.
Attack Feasibility
Estimation of how achievable an attack path is, expressed via factors such as elapsed time, expertise, knowledge, opportunity, and equipment.
TARA
Threat Analysis and Risk Assessment — the structured cybersecurity risk method of ISO/SAE 21434.

Need help applying Risk Value on a programme? Use the contact form or request a KAVACH demo.

Risk Value

Damage Scenario

Attack Feasibility

TARA