Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Intrusion detection and classification, i want to detec and classify networ...

i want to detec and classify network anomaly detection based on KDD99 data set using swarm intelligence

Malicious node detection mechanisms, Many applications are vulnerable to in...

Many applications are vulnerable to intrusion attacks and can provide misleading reports about misbehaving nodes. Some of the mechanisms under such a category include the Bayesian

Types of idss and detection methods, Types of IDSs and Detection Methods ...

Types of IDSs and Detection Methods IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs us

Limitations of ethical dilemma, The best results obtained in the PIIT class...

The best results obtained in the PIIT classes have been when the technique has been used in tutorial groups, rather than have students submit individual reflections on particular c

Point-to-point topology, POINT-TO-POINT: In Point-to-Point topology th...

POINT-TO-POINT: In Point-to-Point topology there are two kind of topologies. 1) STAR topology 2) TREE topology In star topology each and every computer is connect

Algorithm, algorithm on simple intrest

algorithm on simple intrest

Research paper, how much would you charge for minimum 20 pages

how much would you charge for minimum 20 pages

Gateways, Gateways They transfer packets among network machines that h...

Gateways They transfer packets among network machines that have different protocols (e.g. between a WAN and a LAN). They access a packet formatted for one protocol and change

Cryptography, hi have a look and tell me if u can do it. if u can do Q1then...

hi have a look and tell me if u can do it. if u can do Q1then i will allow u to do Q2

Discuss the influence the commercial operations, Question: A regional p...

Question: A regional police force has the following corporate objectives: ? to reduce crime and disorder; ? to promote community safety; ? to contribute to delivering just

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd