Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

What is information security, What is information security Information s...

What is information security Information security protects information (and facilities and systems which store, use and transmit it) from a broad range of threats, in order to p

Digital signature, A digital signature is a stamp on the data, which is uni...

A digital signature is a stamp on the data, which is unique and very hard to forge.  A digital signature has 2 steps and creates 2 things from the security perspective. STEP 1

Packets and frames, PACKETS: Packet is a generic word that define to sma...

PACKETS: Packet is a generic word that define to small code of data. Packet have different format. Each hardware needs different packet format.  FRAME: A hardware frame or

Define byte stuffing, Sometimes the special character may see in data and a...

Sometimes the special character may see in data and as a part of data they will be misinterpreted as packet data. The solution to this cause is Byte stuffing.   In general to

What is internet, The Internet is known as the set of networks connect...

The Internet is known as the set of networks connected by routers that are configured to pass traffic among any machine attached to any network in the set. By internet several

Ring topology, RING topology all computers are connected in loop. A ring ...

RING topology all computers are connected in loop. A ring topology is a network topology in which every node connects to exactly two other devices, forming a single continuous pa

Intercultural sensitivity: recognising differences, Intercultural sensitivi...

Intercultural sensitivity: recognising differences You represent a Mauritian computer company which is negotiating to buy hardware from a manufacturer in Japan. In your first

Discuss the influence the commercial operations, Question: A regional p...

Question: A regional police force has the following corporate objectives: ? to reduce crime and disorder; ? to promote community safety; ? to contribute to delivering just

Threat identification-risk management, Threat Identification After ident...

Threat Identification After identifying and performing a primary classification of an organization’s information assets, the analysis phase moves onto an examination of threats

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd