Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Define network, A Network is described as a system for connecting compu...

A Network is described as a system for connecting computers using a single transmission technology. The computers can interact with each other in a network. They can receive an

Hashing, Hashing is the transformation of a string of characters into a g...

Hashing is the transformation of a string of characters into a generally shorter fixed-length key or a value that presents the original string. Hashing is used to index and retri

Cryptographic hash functions, (a) (i) Bob has public RSA key (n = 77, e...

(a) (i) Bob has public RSA key (n = 77, e = 7). Show that Bob's private key is (d = 43). (ii) Alice wants to send the message m = 13 to Bob. She encrypts the message usi

Plaintext, how to encryt the data in plaintext cipher

how to encryt the data in plaintext cipher

Describe header fields present in a udp segment, Question (a) In relati...

Question (a) In relation to a TCP segment structure, provide the fields responsible for: i. Connection Management ii. Flow Control iii. Error Control iv. Reliable, in-order

Identified issues in networks, The "Big Red Rocks" (BRR) mining company is ...

The "Big Red Rocks" (BRR) mining company is based and operates in Western Australia. They are primarily an iron ore miner, but they also produce electricity through tidal power to

Feasibility studies-risk management, Feasibility Studies Before deciding...

Feasibility Studies Before deciding on strategy, all information of economic or non economic consequences of vulnerability of information asset should be explored. A number of w

Ip address, How to find an ip address?

How to find an ip address?

Information asset classification-risk management, Information asset classif...

Information asset classification-risk management A number of organizations have data classification schemes (for instance confidential, internal, public data). The classificat

Business needs-information security, BUSINESS NEEDS Information security...

BUSINESS NEEDS Information security performs four main functions for an organization. 1. Protects the ability of organization to function. 2. Enables safe operation of applicat

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd