Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Cipher methods-cryptography, Cipher Methods There are 2 methods of encry...

Cipher Methods There are 2 methods of encrypting plaintext: • Bit stream method – every bit in the plaintext bit is transformed into a cipher bit one bit at a time. • Block cip

Describe the five-layer network using block diagrams, Problem 1: a) One...

Problem 1: a) One of the limitations of file processing systems is data inconsistency. Briefly explain with the help of an example what do you understand by this phrase. b)

Hashing, Hashing is the transformation of a string of characters into a g...

Hashing is the transformation of a string of characters into a generally shorter fixed-length key or a value that presents the original string. Hashing is used to index and retri

Topology, What is the concept of topology?

What is the concept of topology?

Mitigate risks in an information security management system, Question: ...

Question: (a) What are the various options to mitigate risks in an Information Security Management System (ISMS)? For each option specify an instance where it can be used.

What standards are to be applied, Government funding has been given to a un...

Government funding has been given to a university consortium establishing a repository of resources for school teachers. They have engaged you to develop a search facility for teac

Explain how the framework will align to the model, MB Enterprise Systems Lt...

MB Enterprise Systems Ltd based in Mauritius is a company specialized in application development with Europe as the main customer base. The company has implemented CMMI and has rec

Name the various layers of the osi model, Problem (a) Name the various ...

Problem (a) Name the various layers of the OSI model. (b) Show, by means of a diagram, how  the TCP/IP  reference model  is different from the OSI-7 reference model? Why is

Explain the encryption model or symmetric cipher model, With explain the en...

With explain the encryption model the help of diagram. Symmetric cipher model uses the secret-key or a single-key for encryption/decryption purposes. It employs a symmetric encr

Calculate the rsa public and private keys, (a) Which PKI (Public Key Infra...

(a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certificate

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd