Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Explain the rsa algorithm, Question: (a) What is the minimum length of...

Question: (a) What is the minimum length of a password that could be considered to be "strong" in the context of today's computing power? (b) The security of a PIN system,

Short term scheduler, Short term Scheduler function , also shown as a disp...

Short term Scheduler function , also shown as a dispatcher runs most frequently, and creates the finest-grained decision of which program could run next. This scheduler is called

Define shift operation, SHIFT OPERATION:  This operation replaced all...

SHIFT OPERATION:  This operation replaced all bits to the left one position. For example in the diagram below a 16-bit CRC hardware is given, which needs three Exclusive OR (

Network-based ids (nids), Network-Based IDS (NIDS) A NIDS resides on com...

Network-Based IDS (NIDS) A NIDS resides on computer or appliance connected to segment of an organization’s network and looks for signs of attacks. While examining packets, a NID

What do you meant by network address translation, Problem: (a) What do ...

Problem: (a) What do you meant by Network Address Translation (NAT)? Why is it used? (b) Given the following information by your ISP about your newly acquired Frame Relay c

Typical network management system, Problem 1: List measurable entities ...

Problem 1: List measurable entities on which the quality of service in a data communication network depends Problem 2: Show the features of a typical Network Management

Ciphertext, Encode the following plaintext, using the Caesar cipher: ...

Encode the following plaintext, using the Caesar cipher: LORD OF THE RINGS b) The following ciphertext jw njbh lxmn cx kanjt has been encoded using a

Vulnerability identification-risk management, Vulnerability Identification ...

Vulnerability Identification Specific avenues threat agents can exploit to attack an information asset are known as vulnerabilities. Examine how each threat can be generated and

Frame format and error detection, FRAME FORMAT AND ERROR DETECTION The...

FRAME FORMAT AND ERROR DETECTION The changed frame format also adds CRC. If there is an error happened in frame, then it typically causes receiver to removed frame. The frame

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd