Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

What is meant by certificate revocation, QUESTION (a) Which PKI (Public...

QUESTION (a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certi

Placeholders for the plaintext characters, Encode the following plaintext, ...

Encode the following plaintext, using the Caesar cipher:             LORD OF THE RINGS b) The following ciphertext              jw njbh lxmn cx kanjt has been encoded usi

Briefly explain the contents of the needs analysis, QUESTION (a) Brief...

QUESTION (a) Briefly explain the contents of the Needs Analysis, which is step in the process of network design. (b) Describe on the three ways of improving the performan

CS, Discuss how developers should apply the following countermeasures to im...

Discuss how developers should apply the following countermeasures to improve the security of their code:

Explain authentication process in a synchronous token system, Question: ...

Question: (a) Explain briefly the PCI Control Objectives which enterprises must meet to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Specify a

Lan topologies, Network can be distinguished by shape. According to which t...

Network can be distinguished by shape. According to which there are three most popular methodologies, which are shown as follows; Star Ring Bus

Plaintext, how to encryt the data in plaintext cipher

how to encryt the data in plaintext cipher

Compare and contrast between block and stream ciphers, Problem 1 Solve ...

Problem 1 Solve the following Caesar cipher by showing your working: EM KIUM EM AIE EM KWVYCMZML Problem 2 Compare and contrast between block and stream ciphers, listin

Legal, LEGAL, ETHICAL AND PROFESSIONAL ISSUES To minimize liabilities an...

LEGAL, ETHICAL AND PROFESSIONAL ISSUES To minimize liabilities and reduce risks, information security practitioner should: •    to understand current legal environment •    to s

What is the benefit of adopting a password aging policy, QUESTION (a) H...

QUESTION (a) Hashing and salting is commonly used as password storage techniques for most applications. Describe how hashing and salting enable secure storage of password (b

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd