Risk assessment, Computer Network Security

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called as hazard). Quantitative risk assessment needs calculations of two components of risk: R, magnitude of potential loss L, and probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in information security field, quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation which is based on security metrics on the asset (system/application). Qualitative risk assessment is done when the organization requires a risk assessment be done in a relatively short time or to meet a small budget, a quantity of relevant data is not available, or persons performing the assessment do not have the sophisticated mathematical, and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within an organization charged with security of asset being assessed. The qualitative risk assessments are descriptive vs. measurable.

Risk is likelihood of occurrence of a vulnerability multiplied by value of the information asset minus the percentage of risk mitigated by present controls plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates relative risk for every vulnerability and assigns a risk rating or score to each and every information asset.

Posted Date: 10/8/2012 6:20:00 AM | Location : United States







Related Discussions:- Risk assessment, Assignment Help, Ask Question on Risk assessment, Get Answer, Expert's Help, Risk assessment Discussions

Write discussion on Risk assessment
Your posts are moderated
Related Questions
You are free to design the format and structure of the routing table kept locally by each node and exchanged among neighboring nodes. 1. Upon the activation of the program, each

Question: Suppose the following brief history of WLAN security standards: When the security of WEP was broken, the industry turned to the IEEE to fix it. The IEEE said it could

Question: The Wired Equivalent Privacy (WEP) standard was created in order to give wireless networks safety and security features similar to that of wired networks. (a) L

QUESTION (a) Briefly explain the contents of the Needs Analysis, which is step in the process of network design. (b) Describe on the three ways of improving the performan

Question: A regional police force has the following corporate objectives: ? to reduce crime and disorder; ? to promote community safety; ? to contribute to delivering just

Routers They transfer packets among multiple interconnected network machines (i.e. LANs of different kind). They perform in the data link, physical and network layers. They ha

Example 3: Logic bombs In the year 2000, Timothy Lloyd was found responsible of causing $10 million and $12 million of damage to Omega Engineering, an American company specializ

QUESTION The major decision hierarchy for disclosing security problems is if the problem is with the product owned by the business or if it is used by the business. Although th

Who are the individuals who cause these security problems? Many unauthorized people who cause network security problems for obtaining information about the other users and causi

In this work a network intrusion system (package) must implement based on high interaction honeypots. There are two honeypots with different platforms (ubuntu and windows server 20