Risk determination, Computer Network Security

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2

Posted Date: 10/8/2012 6:21:12 AM | Location : United States







Related Discussions:- Risk determination, Assignment Help, Ask Question on Risk determination, Get Answer, Expert's Help, Risk determination Discussions

Write discussion on Risk determination
Your posts are moderated
Related Questions
Internet Protocol IP Gives computer-to-computer communication. Host and receiver addresses are computers. This is also known machine-to-machine communication.

Question 1: (a) (i) Radio waves are subject to several propagation problems. Name any three of them. (ii) A Wi-Fi receiver requires a signal power of 50mW to operate correc

Question: The Wired Equivalent Privacy (WEP) standard was created in order to give wireless networks safety and security features similar to that of wired networks. (a) L

Mapping between a hardware address and a protocol address is known Address Resolution. A router or host uses address resolution when it requires to transmit a packet to another dev

Five years ago, Calgary Kids' Cloth Ltd was just a small retail store in downtown Calgary. The company started their own factory in SE Calgary to produce outdoor clothes for kids.

ASSET IDENTIFICATION AND VALUATION This process begins with identification of assets that includes all elements of an organization’s system (people, procedures, data and informa

Encryption Key Size When using ciphers, the size of crypto variable or key is quite important as the strength of many encryption applications and cryptosystems were measured by

Hardware, Software, and Network Asset Identification What information attributes to track is dependent on: •    Requires of organization/risk management efforts •    Management

BUSINESS NEEDS Information security performs four main functions for an organization. 1. Protects the ability of organization to function. 2. Enables safe operation of applicat

Risk Identification Risk management comprises of identifying, classifying and prioritizing organization’s information assets, threats and vulnerabilities also. Risk Identificati