Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Determine the functions of security components, You are designing a Demilit...

You are designing a Demilitarized zone for a large corporation. Using design best practice, and the information that you have learned so far, propose a design that will provide the

Cost accounting, ?Examples should include direct costs items, indirect cost...

?Examples should include direct costs items, indirect costs items, as well as variable costing. ?What are at least 5 types of expenses that are associated with manufacturing the

Explain what is a broadcast storm, QUESTION: (a) Ethernet has grown in ...

QUESTION: (a) Ethernet has grown in popularity in the recent years and is now used in LANs. Give three reasons for the success behind Ethernet. (b) Ethernet uses the CSMA/CD

Network intrusion system, In this work a network intrusion system (package)...

In this work a network intrusion system (package) must implement based on high interaction honeypots. There are two honeypots with different platforms (ubuntu and windows server 20

Distinguish between a mobile agent state and code, Question: (a) Disti...

Question: (a) Distinguish between a mobile agent "state" and "code". (b) Differentiate between "weak" and "strong" mobility. (c) Mobile agent systems are known to have

Find the possible deciphering transformations, Question: (a) A string o...

Question: (a) A string of ciphertext was enciphered using an a±ne transformation of single letters in a 28-letter alphabet consisting of A to Z, a blank and a?, where A to Z ha

The Security Systems Development Life Cycle (SecSDLCtle.., #Under what circ...

#Under what circumstances would the use of a SecSDLC be more appropriate than an SDLC?

Describe how lower bounds on arc flows, QUESTION: (a) Suppose the graph ...

QUESTION: (a) Suppose the graph below, use the Flow Decomposition method to list the cycles and paths produced. (b) Describe how Lower Bounds on Arc Flows are eliminated

Describe privacy-protecting techniques, Question: a) What do you meant...

Question: a) What do you meant by Privacy? b) Name the four privacy violations. c) Often, aggregate information and anonymized information can be combined to identif

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd