Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Briefly explain the following security goals, (a) Briefly explain the fo...

(a) Briefly explain the following security goals provided by cryptography: confidentiality, authentication, integrity and non-repudiation. (b) State Kerckhoff's Princip

Implement database security, Question: (a) Describe fully with example ...

Question: (a) Describe fully with example the two access control methods available to implement database security. (b) Discuss why database statistics (meta data) provide es

Address resolution with closed-form computation, ADDRESS RESOLUTION WITH CL...

ADDRESS RESOLUTION WITH CLOSED-FORM COMPUTATION For networks use reliable addressing, it is possible to select an address that creates closed-form address resolution possible.

Explain the rsa algorithm, Question: (a) What is the minimum length of...

Question: (a) What is the minimum length of a password that could be considered to be "strong" in the context of today's computing power? (b) The security of a PIN system,

Topology, What is the concept of topology?

What is the concept of topology?

The major decision hierarchy for disclosing security problem, QUESTION ...

QUESTION The major decision hierarchy for disclosing security problems is if the problem is with the product owned by the business or if it is used by the business. Although th

What do you understand by demilitarized zone, Problem 1: What does the ...

Problem 1: What does the SNMP access policy show? SNMP community diagram SNMP access policy Problem 2: Does there exist any formal functional specificat

What do you meant by the term bastion host, Question : (a) What do you...

Question : (a) What do you meant by the term "Bastion Host"? What is its use? (b) "Hostile" Java applets will do undesirable actions. Mention two problems caused by Hosti

Describe what the term session hijacking means, An overall rise in mobility...

An overall rise in mobility, coupled with the falling cost of Wi-Fi equipment, has led to a proliferation of Wi-Fi hot spots in public areas to provide Internet accessibility. Thus

Define byte stuffing, Sometimes the special character may see in data and a...

Sometimes the special character may see in data and as a part of data they will be misinterpreted as packet data. The solution to this cause is Byte stuffing.   In general to

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd