Risk assessment, Computer Network Security

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called as hazard). Quantitative risk assessment needs calculations of two components of risk: R, magnitude of potential loss L, and probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in information security field, quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation which is based on security metrics on the asset (system/application). Qualitative risk assessment is done when the organization requires a risk assessment be done in a relatively short time or to meet a small budget, a quantity of relevant data is not available, or persons performing the assessment do not have the sophisticated mathematical, and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within an organization charged with security of asset being assessed. The qualitative risk assessments are descriptive vs. measurable.

Risk is likelihood of occurrence of a vulnerability multiplied by value of the information asset minus the percentage of risk mitigated by present controls plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates relative risk for every vulnerability and assigns a risk rating or score to each and every information asset.

Posted Date: 10/8/2012 6:20:00 AM | Location : United States







Related Discussions:- Risk assessment, Assignment Help, Ask Question on Risk assessment, Get Answer, Expert's Help, Risk assessment Discussions

Write discussion on Risk assessment
Your posts are moderated
Related Questions
how can you enter the ASVAB practice test on line?

ADDRESS RESOLUTION WITH TABLE LOOKUP : Resolution needs data structure that has information about address binding. A distinct address-binding table is used for every physical n

A  half-duplex (HDX) system gives communication in both directions, but only one direction at a time. Hardly, once a party stats receiving a signal, it must need for the transmi

The project will be involving a design and a report of which explain the simulation and how it functions. The aim of the project is to help the administrators and staff at the war

Belady's Anomaly Also known FIFO anomaly. Generally, on raising the number of frames given to a process' virtual storage, the program execution is faster, because lesser page

Problem (a) Give two reasons for companies to implement security measures. (b) What is the regulatory expectation regarding i. healthcare information, ii. financial

FIREWALL ANALYSIS TOOLS There are a number of tools automate remote discovery of firewall rules and assist the administrator in analyzing rules Administrators who feel wary of u

Risk Identification Risk management comprises of identifying, classifying and prioritizing organization’s information assets, threats and vulnerabilities also. Risk Identificati

Question: Quality management standards are seen as a major pillar supporting the drive for continuous quality improvement through TQM. (a) What do you meant by the term ‘Qua

(a) Explain the importance of the Euler Totient function in Cryptography. Calculate Euler Totient function value, φ(1280). (b) Explain the role of the Authentication Server (