Risk assessment, Computer Network Security

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called as hazard). Quantitative risk assessment needs calculations of two components of risk: R, magnitude of potential loss L, and probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in information security field, quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation which is based on security metrics on the asset (system/application). Qualitative risk assessment is done when the organization requires a risk assessment be done in a relatively short time or to meet a small budget, a quantity of relevant data is not available, or persons performing the assessment do not have the sophisticated mathematical, and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within an organization charged with security of asset being assessed. The qualitative risk assessments are descriptive vs. measurable.

Risk is likelihood of occurrence of a vulnerability multiplied by value of the information asset minus the percentage of risk mitigated by present controls plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates relative risk for every vulnerability and assigns a risk rating or score to each and every information asset.

Posted Date: 10/8/2012 6:20:00 AM | Location : United States







Related Discussions:- Risk assessment, Assignment Help, Ask Question on Risk assessment, Get Answer, Expert's Help, Risk assessment Discussions

Write discussion on Risk assessment
Your posts are moderated
Related Questions
You are designing a Demilitarized zone for a large corporation. Using design best practice, and the information that you have learned so far, propose a design that will provide the

Question: (a) Describe the term interference in the space, time, frequency, and code domain. (b) Consider a 1 G - AMPS: 824-849 MHz (forward) ; 869-894 MHz (reverse). B

Question (a) Draw a typical hybrid star-ring topology paying attention to how the clients and switching hubs are connected. (b) State 3 main differences between a router

Question 1 a) What is a NMS? Question 2 Explain about Structure of Management Information Question 3 A)In which UDP port number does a protocol entity receive message?

Question : (a) Distinguish between authorization and authentication. (b) SSO (Single Sign On) implies a user logs in once and can access resources for a defined period of

how much would you charge for minimum 20 pages

(a) Describe DES encryption with a block diagram and brief steps. (b) How does triple DES improve security. What is the effective key length of triple DES? How can 3DES be compa

- Alice, Bob and Charlie have a secret key a=3, b=4, c=5, in that order. - They would like to find a common secret key using Diffie-Hellan key exchange protocol (with g=2, p=5).


Question requires you to submit a proposal based on the research report topic you will be addressing in the second assignment.  Note:  before commencing research on the topic, y