Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Marketing, what are the participant of marketing channal?

what are the participant of marketing channal?

Plaintext, how to encryt the data in plaintext cipher

how to encryt the data in plaintext cipher

Ring topology, RING TOPOLOGY In this topology of network the devices a...

RING TOPOLOGY In this topology of network the devices are connected to each other in packed loop. In this network first computer passes data packet to the second and then seco

Illustrate the label switching procedure in an mpls network, QUESTION ...

QUESTION a) Explain the terms traffic engineering, class-based queuing, shaping and grooming in an MPLS network. b) Using an example topology, illustrate the label swi

Data classification and management, Data Classification and Management C...

Data Classification and Management Corporate and military organizations use a several of classification schemes. Information owners are responsible for classifying information a

Negative cycle algorithm in minimum cost flows, QUESTION: (a) Show the...

QUESTION: (a) Show the Negative Cycle Algorithm in Minimum Cost Flows. (b) List the steps added in finding a Negative Cycle. (c) Apply Dijkstra's algorithm on the subs

Base lining-risk management, Base lining •    Organizations do not have ...

Base lining •    Organizations do not have any contact to each other •    No two organizations are identical to each other •    The best practices are a moving target •    K

Computer security, For this assessment, students must research and analyse ...

For this assessment, students must research and analyse two different scenarios. The two scenarios must be chosen from those described below and submitted as one Microsoft PowerPoi

Steganography-cryptography, Steganography It is a process of hiding info...

Steganography It is a process of hiding information in use for a long time. Most popular modern version of this process hides information within files appearing to contain digit

Describe the process of components identification, Probelm 1: Give the ...

Probelm 1: Give the History and Evolution of Wireless Communication System. Complete explanation Probelm 2: Describe the process of Components Identification and cal

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd