Risk assessment, Computer Network Security

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. Risk assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). Quantitative risk assessment requires calculating two components of risk (R): the magnitude of the potential loss (L) and the probability (p) that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in the information security field: quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation based on security metrics on the asset (system/application). Qualitative risk assessment is done when the organization requires that a risk assessment be done in a relatively short time or on a small budget, when a sufficient quantity of relevant data is not available, or when the persons performing the assessment do not have the sophisticated mathematical and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within the organization charged with the security of the asset being assessed. Qualitative risk assessments are descriptive rather than measurable.

Risk is the likelihood of occurrence of a vulnerability multiplied by the value of the information asset, minus the percentage of risk mitigated by present controls, plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates the relative risk for every vulnerability and assigns a risk rating or score to each information asset.
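
The rating described above, worked through over a small constructed worksheet. This is an added example, not code from the original page; it assumes likelihood is a 0-1 probability, that the mitigated and uncertainty percentages are applied to the likelihood × value product, and that an asset's score is the highest rating among its vulnerabilities. All names and sample values are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vulnerability: str
    likelihood: float   # 0.0-1.0, chance the vulnerability occurs
    value: float        # asset value on the organization's own scale (here 1-100)
    mitigated: float    # 0.0-1.0, share of the risk handled by present controls
    uncertainty: float  # 0.0-1.0, how unsure the estimates are


def risk_rating(f: Finding) -> float:
    """likelihood x value, minus the mitigated share, plus the uncertain share."""
    for name in ("likelihood", "mitigated", "uncertainty"):
        v = getattr(f, name)
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name} must be between 0 and 1, got {v}")
    if f.value < 0:
        raise ValueError("value must be non-negative")
    base = f.likelihood * f.value
    return round(base - base * f.mitigated + base * f.uncertainty, 2)


def rank_assets(findings):
    """Return (asset, rating, vulnerability) tuples, worst-rated asset first."""
    worst = {}
    for f in findings:
        r = risk_rating(f)
        # Assumption: an asset is scored by its highest-rated vulnerability.
        if f.asset not in worst or r > worst[f.asset][0]:
            worst[f.asset] = (r, f.vulnerability)
    return sorted(((a, r, v) for a, (r, v) in worst.items()), key=lambda t: -t[1])


# Constructed sample worksheet (values are illustrative, not from the page).
WORKSHEET = [
    Finding("customer-db", "unpatched DBMS", 0.10, 100, 0.50, 0.20),
    Finding("customer-db", "weak admin password", 0.50, 100, 0.00, 0.10),
    Finding("web-server", "hardware failure", 0.20, 50, 0.00, 0.10),
    Finding("mail-gateway", "open relay", 0.10, 100, 0.00, 0.20),
]

if __name__ == "__main__":
    for asset, rating, vuln in rank_assets(WORKSHEET):
        print(f"{asset:<14}{rating:>6}  {vuln}")
```

Two findings with the same likelihood × value (the patched DBMS and the open relay) end up with different ratings: existing controls pull one down, and uncertainty pushes both up.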

Posted Date: 10/8/2012 6:20:00 AM | Location : United States






