Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

RESPONSE, Dropbox’s tool shows how chatbots could be future of cybersecurit...

Dropbox’s tool shows how chatbots could be future of cybersecurity

What do you meant by the term diffusion and confusion, Question: (a) W...

Question: (a) What do you meant by the term diffusion and confusion? Explain how diffusion and confusion can be implemented. (b) Distinguish between authorisation and auth

ITC 571 Emerging Technologies and Innovation Assignment, Ask quProject brie...

Ask quProject brief template The project brief is a document upon which the full Project Proposal and Plan will be based. About me: Who are you? What do you do? What is your Exper

Trap and trace systems-information security, TRAP AND TRACE SYSTEMS Trap...

TRAP AND TRACE SYSTEMS Trap and Trace Systems use techniques to detect an intrusion and trace it back to its source. Trap comprises of honey pot or padded cell and alarm. The dr

Categories of controls-information security, Categories of Controls Cont...

Categories of Controls Controlling risk through mitigation, avoidance or transference is accomplished by implementing controls. There are 4 effective approaches to select the co

Venn Diagram Problem, Students were asked about search engine they used.90 ...

Students were asked about search engine they used.90 of them said they used google chrome,70 used Internet Explorer,40 used Mozilla Firefox,30 used Google Chrome and Internet Explo

Security goals, what is relation ship between computer security goals?

what is relation ship between computer security goals?

What type of rfid tag is more appropriate for ws-pass, Consider the followi...

Consider the following case study: In order to avoid criticisms of their existing manned road-toll payment system on its private road, WS-Pass has decided to adopt an automated

Threat identification-risk management, Threat Identification After ident...

Threat Identification After identifying and performing a primary classification of an organization’s information assets, the analysis phase moves onto an examination of threats

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd