Risk assessment, Computer Network Security

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called as hazard). Quantitative risk assessment needs calculations of two components of risk: R, magnitude of potential loss L, and probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in information security field, quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation which is based on security metrics on the asset (system/application). Qualitative risk assessment is done when the organization requires a risk assessment be done in a relatively short time or to meet a small budget, a quantity of relevant data is not available, or persons performing the assessment do not have the sophisticated mathematical, and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within an organization charged with security of asset being assessed. The qualitative risk assessments are descriptive vs. measurable.

Risk is likelihood of occurrence of a vulnerability multiplied by value of the information asset minus the percentage of risk mitigated by present controls plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates relative risk for every vulnerability and assigns a risk rating or score to each and every information asset.

Posted Date: 10/8/2012 6:20:00 AM | Location : United States







Related Discussions:- Risk assessment, Assignment Help, Ask Question on Risk assessment, Get Answer, Expert's Help, Risk assessment Discussions

Write discussion on Risk assessment
Your posts are moderated
Related Questions
QUESTION (In this question, you will need to use the ISO 27001:2005 and ISO 27002:2005 standards) For each of the situations below, comment on the following: 1. Mention

QUESTION Testing of a Business Continuity Plan (BCP) does not need to be costly or to interrupt the daily operations of the business. The result of the test should also be look

Designing and coding of Job search mechanism: Project Title: FREEHIVE (Sep 2005- Nov 2006) Role             : Developer Domain         : Social Network Client

ADDRESS RESOLUTION WITH TABLE LOOKUP : Resolution needs data structure that has information about address binding. A distinct address-binding table is used for every physical n

Example : Softbank – theft of consumer data for extortion Softbank of Japan offers broadband Internet services across Japan through 2 subsidiaries – Yahoo! BB and Softbank BB. I

Example : UCSF Medical Center In the year 2002, the University of California, San Francisco (UCSF) Medical Center received an email message from someone who claimed to be a doct

LEGAL, ETHICAL AND PROFESSIONAL ISSUES To minimize liabilities and reduce risks, information security practitioner should: •    to understand current legal environment •    to s

Question (a) Consider that you enter the subsequent URL in the address bar of a popular web client and that both the server and client accepts HTTP version 1.1. i. What can be

Question: Network diagrams combine with a set of systematic analysis procedures, serve to remedy the shortcomings of the Gantt chart. Explain the following terms used in the ne

The best results obtained in the PIIT classes have been when the technique has been used in tutorial groups, rather than have students submit individual reflections on particular c