Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Digital signatures, Digital Signatures Digital Signatures are encrypted ...

Digital Signatures Digital Signatures are encrypted messages which can be proven mathematically to be authentic. These are created in response to rising requirement to verify in

Explain the random key distribution, Q. Explain the random key distribution...

Q. Explain the random key distribution? The triple key management mechanisms ensure a better and complete security solution using the random key distribution mechanism. In this

Basic types of agent in order of increasing generality, Question 1: (a)...

Question 1: (a) Define Artificial Intelligence. (b) Briefly describe the categories for the definition of Artificial Intelligence. (c) Identify the four basic types of

Example bus network , Ethernet is a commonly used LAN technology. It was di...

Ethernet is a commonly used LAN technology. It was discovered at EXROX PARC(Palo Alto Research Center) in 1970s.Xerox, Intel and Digital described it in a standard so it is also kn

Describe how ethernet deals with collisions, Problem (a) The IEEE 802 seri...

Problem (a) The IEEE 802 series of standards describe both the Physical and Data Link layers of their respective technologies. Two important standards are 802.3 and 802.5, respect

Explain quality management system, Question: Quality management standar...

Question: Quality management standards are seen as a major pillar supporting the drive for continuous quality improvement through TQM. (a) What do you meant by the term ‘Qua

Syntax conversion, Write down the significance of the syntax conversion . S...

Write down the significance of the syntax conversion . Syntax Conversion is described below: Syntax conversion is a significant function carried out in the presentation layer. I

Explain what is a broadcast storm, QUESTION: (a) Ethernet has grown in ...

QUESTION: (a) Ethernet has grown in popularity in the recent years and is now used in LANs. Give three reasons for the success behind Ethernet. (b) Ethernet uses the CSMA/CD

Define full-duplex., A  full-duplex (FDX) , accepts communication in both...

A  full-duplex (FDX) , accepts communication in both ways, and, unlike half-duplex, accept this to occur simultaneously. Land-line telephone networks are full-duplex, since they

Business needs-information security, BUSINESS NEEDS Information security...

BUSINESS NEEDS Information security performs four main functions for an organization. 1. Protects the ability of organization to function. 2. Enables safe operation of applicat

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd