Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Describe the terms prime number and prime factorisation, (a) An opponent is...

(a) An opponent is using RSA with the public key {e=53, n=77}. You intercept the ciphertext C=10. (All values on this problem, including the ciphertext and the cleartext, are nume

Explain possible attacks on rsa encryption, Problem (a) Describe RSA a...

Problem (a) Describe RSA algorithm with an example. (b) Answer the following RSA encryption, given the values of the primes are: p = 17, q = 11 and choosing e = 7. (c)

Explain rsa encryption, (a) Describe RSA encryption. (b) For an RSA encr...

(a) Describe RSA encryption. (b) For an RSA encryption the values of the primes are: p=29, q=31. select e=11, evaluate the public and private keys. (c) How can RSA be used fo

Hardware, Hardware, Software, and Network Asset Identification What info...

Hardware, Software, and Network Asset Identification What information attributes to track is dependent on: •    Requires of organization/risk management efforts •    Management

Growth of lan technology, GROWTH OF LAN TECHNOLOGY The production of s...

GROWTH OF LAN TECHNOLOGY The production of shared communication channels (LANs) started in 1960s and early 1970. The basic idea behind was to reduce the number of connectio

Explain the term virtual private network, Question: (a) Besides privac...

Question: (a) Besides privacy, what other security functions does Pretty Good Privacy (PGP) provides? (b) What is the Post Office Protocol (POP) used for? Why is it impo

Media, what is guided media or unguided media

what is guided media or unguided media

Intrusion detection and classification, i want to detec and classify networ...

i want to detec and classify network anomaly detection based on KDD99 data set using swarm intelligence

Wan architecture and wan service, MegaCorp INC. is a large manufacturing f...

MegaCorp INC. is a large manufacturing firm that operates 5 factories in Dallas, 4  factories in Los Angeles, and 5 factories in Albany, New York.  It operates a tightly  connected

Research paper, how much would you charge for minimum 20 pages

how much would you charge for minimum 20 pages

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd