Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Typical network management system, Problem 1: List measurable entities ...

Problem 1: List measurable entities on which the quality of service in a data communication network depends Problem 2: Show the features of a typical Network Management

Compare and contrast the trust models-pgp, a. PKI and PGP are two methods f...

a. PKI and PGP are two methods for generating and managing public keys for use in protocols such as secure email. Compare and contrast the trust models for public keys used in PKI

Security clearances-information security, Security Clearances For a secu...

Security Clearances For a security clearance in organizations each data user should be assigned a single level of authorization indicating classification level. Before approachi

Gateways, Gateways They transfer packets among network machines that h...

Gateways They transfer packets among network machines that have different protocols (e.g. between a WAN and a LAN). They access a packet formatted for one protocol and change

What is network virtual terminal, Network Virtual Terminal It is a set...

Network Virtual Terminal It is a set of principles describing a very simple virtual terminal interaction. The NVT is needed in the start of a Telnet session. Communication wit

What is the main security vulnerability of ipv4, Question: (a) What is...

Question: (a) What is the main security vulnerability of IPv4? (b) Which protocol can be used for secure remote login? (c) Distinguish between the transport and tunnel

Systems development life cycle (sdlc)-information security, SDLC Systems ...

SDLC Systems development life cycle (SDLC) is process of developing information systems through analysis, design, investigation, implementation and maintenance. SDLC is called as

Evaluate the sample correlation between y and z, Question: (a) Data on ...

Question: (a) Data on four variables are stored in a file called file1.dat. The first line of the file is the variable names f, x, y and z. Give the R commands to (i) read t

Digital signature, A digital signature is a stamp on the data, which is uni...

A digital signature is a stamp on the data, which is unique and very hard to forge.  A digital signature has 2 steps and creates 2 things from the security perspective. STEP 1

What is a firewall, QUESTION (a) Define and distinguish between Electro...

QUESTION (a) Define and distinguish between Electronic Commerce and Electronic Business (b) According to you what are the benefits that Electronic Commerce can brings to org

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd