Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Risk determination, Risk Determination For purpose of relative risk asse...

Risk Determination For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an elem

Military and space technology, crack the secret message and explain how the...

crack the secret message and explain how the code works. The clue is that it has something to do with the computer keyboard. J-Q-H-6 Q-E-F-Q-H-D-3-W 8-H 5-Y-3 7-W-3 9-R--D-9-J

Attackers motives behind the cyber attack, Attacker's Motives behind the Cy...

Attacker's Motives behind the Cyber Attack Before adapting the necessary measures to deal with the problem, understanding and evaluating the blogger's psyche and his motivation

Base lining-risk management, Base lining •    Organizations do not have ...

Base lining •    Organizations do not have any contact to each other •    No two organizations are identical to each other •    The best practices are a moving target •    K

#title., differentiate between internet and www

differentiate between internet and www

Architecture of www named world wide web, Write down short notes on the arc...

Write down short notes on the architecture of WWW which is World Wide Web. WWW which means The World Wide web or the web is a repository of information spread worldwide and rel

Elliptic Curves, #questioAn elliptic curve y^2=x^3+ax+b(mod29) includes poi...

#questioAn elliptic curve y^2=x^3+ax+b(mod29) includes points P=(7, 15) and Q=(16, 13) a)Determine the equation of the crve b) Determine all values of x for which there is no point

Cyclic redundancy check (crc), CYCLIC REDUNDANCY CHECK (CRC) To activa...

CYCLIC REDUNDANCY CHECK (CRC) To activate a network system to check move error without increasing the amount of information in every packet another most successful method is m

Increasingly significant impact on society, Question: (a) African gove...

Question: (a) African governments are slowly shifting to more transparent ICT regulations. However, but limited spectrum availability remains a key barrier to sustaining lon

Describe types of communication impairments, Question : (a) "Pulse Code...

Question : (a) "Pulse Code Modulation (PCM), as used in telephony, samples a signal at 8 kHz using 256 quantization levels". Outline how this scheme works with the help of ske

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd