Risk determination, Computer Network Security

Assignment Help:

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2


Related Discussions:- Risk determination

Efforts of advanced research project agency, ADVANCED RESEARCH PROJECT AGEN...

ADVANCED RESEARCH PROJECT AGENCY (ARPA) The efforts of ARPA was to active all its research groups have accept to new era computers. For this purpose ARPA started investing in wa

Risk control strategies-, Risk Control Strategies Once the ranked vulner...

Risk Control Strategies Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk: •Apply safeguards which

Difference between synchronous tdm and statistical tdm, Question (a) A CRC...

Question (a) A CRC is constructed to generate a 4-bit FCS for an 11-bit message. The divisor polynomial is X 4 + X 3 + 1 (i) Encode the data bit sequence 00111011001 using po

Improving domain blacklisting - spam mail, Improving domain blacklisting: ...

Improving domain blacklisting: Current domain blacklisting techniques are not very effective as spammers keep replacing blacklisted domains with newly registered domains. Also

Websphere administrator, Websphere Administrator: Working as Webspher...

Websphere Administrator: Working as Websphere Administrator in the department called DART (Database Architecture Re-Engineering and Tuning). The major responsibilities are t

Introduction to network protocol, In this assignment, you are required to e...

In this assignment, you are required to emulate the operation of a link layer and network layer protocols in a small computer network. Your program should behave like a single node

Firewall analysis tools-information security, FIREWALL ANALYSIS TOOLS Th...

FIREWALL ANALYSIS TOOLS There are a number of tools automate remote discovery of firewall rules and assist the administrator in analyzing rules Administrators who feel wary of u

Explain why spreadsheets are so useful, Question: Spreadsheet packages ...

Question: Spreadsheet packages are widely used in Business. a) Explain why spreadsheets are so useful. b) Spreadsheet files are sometimes saved for use by other software

Explain the encryption model or symmetric cipher model, With explain the en...

With explain the encryption model the help of diagram. Symmetric cipher model uses the secret-key or a single-key for encryption/decryption purposes. It employs a symmetric encr

Cyclic redundancy check (crc), CYCLIC REDUNDANCY CHECK (CRC) To activa...

CYCLIC REDUNDANCY CHECK (CRC) To activate a network system to check move error without increasing the amount of information in every packet another most successful method is m

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd