Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Packet filtering firewall-dynamic packet filtering, Dynamic Packet Filterin...

Dynamic Packet Filtering Dynamic Packet Filtering is also referred to as stateful firewalling. Here the firewall maintains the status of connections as well. When a connection

Differentiate between private key and public key encryption, Problem (...

Problem (a) Differentiate between private key and public key encryption. (b) What issue with private key encryption is resolved with public key encryption? (c) Describe

Explain about structure of management information, Question 1 a) What is a...

Question 1 a) What is a NMS? Question 2 Explain about Structure of Management Information Question 3 A)In which UDP port number does a protocol entity receive message?

Complexity of network systems, Computer networks is a complex subject due t...

Computer networks is a complex subject due to the given reasons: MANY DIFFERENT TECHNOLOGIES EXIST: The first reason for the complexity of networks is that there are s

Explain about security aware protocols, Q. Explain about Security aware pro...

Q. Explain about Security aware protocols? The security-Aware ad hoc Routing (SAR) protocol based on the security attributes integrated into the ad hoc route discovery provides

Arp responses, ARP RESPONSES Let's search out how does a computer know...

ARP RESPONSES Let's search out how does a computer know whether an incoming frame have an ARP message. The type field in the frame header defines that the frame contain an ARP

Electronic mail, Electronic Mail: Electronic mail which is famous as e-...

Electronic Mail: Electronic mail which is famous as e-mail, as it is known to its number of users, has been around for more than two decades. Before 1990, it was mainly used in

Legal, LEGAL, ETHICAL AND PROFESSIONAL ISSUES To minimize liabilities an...

LEGAL, ETHICAL AND PROFESSIONAL ISSUES To minimize liabilities and reduce risks, information security practitioner should: •    to understand current legal environment •    to s

Calculate the total latency, Question (a) Inspect the following ifconfi...

Question (a) Inspect the following ifconfig output of an IPv6 interface: i. What is the hidden Hardware Address of the interface on Line #1? ii. What is the hidden subn

Layering, ADDRESS RESOLUTION AND PROTOCOL ADDRESSES Address resolution...

ADDRESS RESOLUTION AND PROTOCOL ADDRESSES Address resolution (ARP) is a network interface layer protocol. Protocol addresses are used in all upper layers. Address resolution s

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd