Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Threads and attacks-information security, THREADS AND ATTACKS Threat is ...

THREADS AND ATTACKS Threat is an object, person, or other entity which represents a constant danger to an asset. To make sound decisions about information security, management s

Explain how ethernet deals with collisions, (a) Describe how CSMA/CD operat...

(a) Describe how CSMA/CD operates and explain how Ethernet deals with collisions. (b) Describe how the subsequent protocols work: i. ARP ii. DHCP iii. DNS iv. SMTP (c) The

Object tracking using wireless sensor networks, This project involves the d...

This project involves the design and development of a simulation environment of many sensors tagging material/ machinery/equipment/etc in a warehouse site to help monitor and manag

Ciphertext, Encode the following plaintext, using the Caesar cipher: ...

Encode the following plaintext, using the Caesar cipher: LORD OF THE RINGS b) The following ciphertext jw njbh lxmn cx kanjt has been encoded using a

Define the term enterprise network, a) Define the term "Enterprise Network"...

a) Define the term "Enterprise Network". b) Briefly discuss the similarity and differences between a switch and a router. c) A company XYZ has been renting the 1 st Floor of

Explain web defacement, QUESTION (a) Compare and contrast phishing and ...

QUESTION (a) Compare and contrast phishing and pharming attacks (b) Nowadays, web defacement may not always be visual (i) Explain web defacement (ii) What is the main

What is network address translation, Question: (a) What is Network Add...

Question: (a) What is Network Address Translation (NAT)? Why is it used? (b) Given a following information by your ISP about your newly acquired Frame Relay connection:

Bus topology, BUS TOPOLOGY In a bus topology all devices are attached ...

BUS TOPOLOGY In a bus topology all devices are attached to a single long cable and any device can send data to any other device. For this function, coordination is needed to d

Explain the main stages in the penetration testing process, Question: (...

Question: (a) i. Explain what is meant by Discretionary Access Control and Mandatory Access Control ii. Which method would be the most effective to ensure that users do

CNSS, Assume that a security model is needed for the protection of informat...

Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd