Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Difference between flow control and congestion control, (a) Describe briefl...

(a) Describe briefly the difference between flow control and congestion control in relation to a connection-oriented protocol such as TCP. (b)  What is the initial rate of data

Looking for data network security assignment, I am ryan, i am looking for d...

I am ryan, i am looking for data security and network assignment help, Do you have experts in data security?

#title., differentiate between internet and www

differentiate between internet and www

CS, Discuss how developers should apply the following countermeasures to im...

Discuss how developers should apply the following countermeasures to improve the security of their code:

Introduction to planning for security, INTRODUCTION TO PLANNING FOR SECURIT...

INTRODUCTION TO PLANNING FOR SECURITY The creation of an information security program begins with creation and review of organization’s information security policies, standards,

Documenting the results of risk assessment, Documenting the Results of Risk...

Documenting the Results of Risk Assessment The goal of this process is to recognize the information assets, list them, and rank according to those most required protection. The

Sequential label and supply, What questions should Iris ask Charlie about t...

What questions should Iris ask Charlie about the new job, about Kelvin''s team, and about the future of the company?

Address masks, ADDRESS MASKS To identify receiver, network apply addre...

ADDRESS MASKS To identify receiver, network apply address mask to receiver address and calculate to network address in routing table. It can use Boolean 'and' to calculate the

Meaning of dns - domain name system, What do you understand by the DNS? Exp...

What do you understand by the DNS? Explain the usage of the resource rec or ds. Domain Name System is described below: The Domain Name Service (DNS) is the hierarchi

TCP / IP, Let me know the details of protocol tcp/ip

Let me know the details of protocol tcp/ip

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd