Risk assessment, Computer Network Security


Risk assessment is a step in a risk management technique. It is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called a hazard). Quantitative risk assessment requires calculating two components of risk R: the magnitude of the potential loss L, and the probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in the information security field: quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation based on security metrics on the asset (system or application). Qualitative risk assessment is performed when the organization requires a risk assessment to be done in a relatively short time or on a small budget, when a quantity of relevant data is not available, or when the persons performing the assessment do not have the sophisticated mathematical and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within an organization charged with the security of the asset being assessed. Qualitative risk assessments are descriptive rather than measurable.

Risk is the likelihood of occurrence of a vulnerability multiplied by the value of the information asset, minus the percentage of risk mitigated by present controls, plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates the relative risk for every vulnerability and assigns a risk rating or score to each information asset.
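A worked calculation of the risk formula above, added here as an example and not part of the original page. It assumes the two percentages are applied to the base product of likelihood and asset value; the `Finding` fields, the 1-100 value scale and the sample findings are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vulnerability: str
    value: float        # relative asset value (assumed 1-100 scale)
    likelihood: float   # probability the vulnerability is exploited, 0.0-1.0
    mitigated: float    # fraction of risk handled by present controls, 0.0-1.0
    uncertainty: float  # fraction reflecting doubt in the estimates, 0.0-1.0


def risk_score(f: Finding) -> float:
    """likelihood * value, minus the mitigated share, plus the uncertain share."""
    for name in ("likelihood", "mitigated", "uncertainty"):
        v = getattr(f, name)
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name} must be a fraction in [0, 1], got {v}")
    if f.value < 0:
        raise ValueError("asset value must be non-negative")
    base = f.likelihood * f.value
    # Assumption: both percentages are taken of the base product.
    return base - f.mitigated * base + f.uncertainty * base


def rank(findings):
    """Return (score, finding) pairs, highest relative risk first."""
    scored = [(risk_score(f), f) for f in findings]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)


# Constructed sample register: not real assessment data.
FINDINGS = [
    Finding("customer database", "injection in web front end", 100, 0.5, 0.5, 0.2),
    Finding("mail gateway", "unpatched service", 50, 1.0, 0.0, 0.1),
    Finding("file server", "weak passwords", 80, 0.25, 0.0, 0.5),
]

if __name__ == "__main__":
    for score, f in rank(FINDINGS):
        print(f"{score:6.1f}  {f.asset}: {f.vulnerability}")
```

The mail gateway outranks the more valuable customer database because the database's existing controls remove half of its base risk, which is the comparison a relative risk rating is meant to expose.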

Posted Date: 10/8/2012 6:20:00 AM | Location : United States
