Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Typical network management system, Problem 1: List measurable entities ...

Problem 1: List measurable entities on which the quality of service in a data communication network depends Problem 2: Show the features of a typical Network Management

People, People,Procedures,Data Asset Identification-Risk Management Th...

People,Procedures,Data Asset Identification-Risk Management The human resources, data information and documentation assets are more difficult to identify. People having knowle

Malicious node detection mechanisms, Many applications are vulnerable to in...

Many applications are vulnerable to intrusion attacks and can provide misleading reports about misbehaving nodes. Some of the mechanisms under such a category include the Bayesian

The security systems development life cycle (secsdlc), The Security Systems...

The Security Systems Development Life Cycle (SecSDLC) The same phases which is used in traditional SDLC can be adapted to support specialized implementation of IS project,At its

Who are the individuals who cause these security problems, Who are the indi...

Who are the individuals who cause these security problems? Many unauthorized people who cause network security problems for obtaining information about the other users and causi

Plaintext, how to encryt the data in plaintext cipher

how to encryt the data in plaintext cipher

Systems development life cycle (sdlc)-information security, SDLC Systems ...

SDLC Systems development life cycle (SDLC) is process of developing information systems through analysis, design, investigation, implementation and maintenance. SDLC is called as

What type of rfid tag is more appropriate for ws-pass, Consider the followi...

Consider the following case study: In order to avoid criticisms of their existing manned road-toll payment system on its private road, WS-Pass has decided to adopt an automated

Asset identification and valuation-information security, ASSET IDENTIFICATI...

ASSET IDENTIFICATION AND VALUATION This process begins with identification of assets that includes all elements of an organization’s system (people, procedures, data and informa

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd