Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Types of idss and detection methods, Types of IDSs and Detection Methods ...

Types of IDSs and Detection Methods IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs us

Describe phishing attacks, QUESTION (a) (i) Describe Phishing attacks. ...

QUESTION (a) (i) Describe Phishing attacks. (ii) Distinguish between Phishing and Spear Phishing attacks. (b) Describe two instances where an attacker sniffing on a netwo

Systems-specific policy (syssp), Systems-Specific Policy (SysSP) SysSP...

Systems-Specific Policy (SysSP) SysSPs are codified as standards and procedures which are used when configuring or maintaining systems. Systems specific policies fall into 2 g

Determine the functions of security components, You are designing a Demilit...

You are designing a Demilitarized zone for a large corporation. Using design best practice, and the information that you have learned so far, propose a design that will provide the

Briefly explain the contents of the needs analysis, QUESTION (a) Brief...

QUESTION (a) Briefly explain the contents of the Needs Analysis, which is step in the process of network design. (b) Describe on the three ways of improving the performan

Explain the main stages in the penetration testing process, Question: (...

Question: (a) i. Explain what is meant by Discretionary Access Control and Mandatory Access Control ii. Which method would be the most effective to ensure that users do

Develop a tcp-based client-server socket program, Develop a TCP-based clien...

Develop a TCP-based client-server socket program for transferring a large message. The message transmitted from the client to server is read from a large file (size is about 30000

It service support within the itil framework, Problem (a) IT Service Suppo...

Problem (a) IT Service Support within the ITIL framework is divided in a number of processes. Compare and contrast the following processes: i. Incident Management and Problem M

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd