Risk assessment, Computer Network Security

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. It is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). Quantitative risk assessment requires calculating two components of risk R: the magnitude of the potential loss L, and the probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in the information security field: quantitative and qualitative. A purely quantitative risk assessment is a mathematical calculation based on security metrics for the asset (system or application). A qualitative risk assessment is done when the organization requires the assessment to be completed in a relatively short time or on a small budget, when enough relevant data is not available, or when the persons performing the assessment do not have the sophisticated mathematical and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within the organization charged with the security of the asset being assessed. Qualitative risk assessments are descriptive rather than measurable.

Risk is the likelihood of occurrence of a vulnerability multiplied by the value of the information asset, minus the percentage of risk mitigated by present controls, plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates the relative risk for every vulnerability and assigns a risk rating or score to each information asset.
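The formula above applied to a small risk register and used to rank findings, as an added example that is not part of the original page. It assumes the mitigation and uncertainty terms are fractions of the base product (likelihood × asset value); the `Finding` fields, function names and sample entries are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One asset/vulnerability pair from a risk register (constructed sample data)."""
    asset: str
    vulnerability: str
    likelihood: float   # probability of occurrence, 0.0 to 1.0
    asset_value: float  # relative value of the information asset, e.g. 1 to 100
    mitigated: float    # fraction of risk already covered by present controls
    uncertainty: float  # fraction reflecting how unsure the estimates are


def risk_score(f: Finding) -> float:
    """Relative risk per the formula in the text.

    Assumption: 'percentage mitigated' and 'uncertainty' are applied as
    fractions of the base product likelihood * asset_value.
    """
    for name in ("likelihood", "mitigated", "uncertainty"):
        value = getattr(f, name)
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be between 0 and 1, got {value}")
    if f.asset_value < 0:
        raise ValueError("asset_value must be non-negative")
    base = f.likelihood * f.asset_value
    return round(base - base * f.mitigated + base * f.uncertainty, 2)


def rank(findings):
    """Return (score, finding) pairs, highest relative risk first."""
    scored = ((risk_score(f), f) for f in findings)
    return sorted(scored, key=lambda pair: pair[0], reverse=True)


# Constructed register entries, not taken from any real assessment.
REGISTER = [
    Finding("customer database", "SQL injection in search form", 0.5, 100, 0.5, 0.2),
    Finding("mail gateway", "outdated TLS configuration", 0.1, 50, 0.0, 0.1),
    Finding("HR file share", "overly broad read permissions", 0.8, 40, 0.25, 0.1),
]

if __name__ == "__main__":
    for score, f in rank(REGISTER):
        print(f"{score:6.2f}  {f.asset}: {f.vulnerability}")
```

A high uncertainty fraction raises the score, so a poorly understood vulnerability on a valuable asset can outrank a well-understood one that controls already partly cover.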

Posted Date: 10/8/2012 6:20:00 AM | Location : United States






