Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

The security systems development life cycle (secsdlc), The Security Systems...

The Security Systems Development Life Cycle (SecSDLC) The same phases which is used in traditional SDLC can be adapted to support specialized implementation of IS project,At its

Risk management discussion points, Risk Management Discussion Points Org...

Risk Management Discussion Points Organizations should define level of risk it can live with Risk appetite: it defines quantity and nature of risk which organizations are wil

Information security policy practices and standards, INFORMATION SECURITY P...

INFORMATION SECURITY POLICY PRACTICES AND STANDARDS Management from all the communities of interest should consider policies as basis for all information security efforts. Polic

Using icmp reachability, USING ICMP TO TEST REACHABILITY:  ICMP can a...

USING ICMP TO TEST REACHABILITY:  ICMP can also be used to test several tools. An Internet host A, is reachable from another host B, if data packets can be send from A to B. P

Basic functions of e-mail system, B a s i c functions of e-mail system ...

B a s i c functions of e-mail system are given as follows: C o mp o sition refers to the procedure of creating messages and the answers. Though any text editor can be

Using Technology as Experience Framework, Write a two to three (2-3) page p...

Write a two to three (2-3) page paper in which you: Explain how the Web user interfaces help donors to make decisions. Relate the emotional thread demonstrated in the case study to

Briefly explain the contents of the needs analysis, QUESTION (a) Brief...

QUESTION (a) Briefly explain the contents of the Needs Analysis, which is step in the process of network design. (b) Describe on the three ways of improving the performan

How an attacker can effectively de-layer and analyse data, Around the globe...

Around the globe the bank controlled Co-ops (Visa, MasterCard, Discover, and American Express) have rolled out millions of smart cards under the EMV (Europay, MasterCard, VISA) sta

X.509, Consider the details of the X.509 certificate shown below. a. Identi...

Consider the details of the X.509 certificate shown below. a. Identify the key elements in this certificate, including the owner''s name and public key, its validity dates, the nam

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd