Risk determination, Computer Network Security

Risk Determination

For the purpose of relative risk assessment, risk equals the probability of vulnerability occurrence TIMES the value of the asset MINUS the percentage of risk already controlled PLUS an element of uncertainty. For instance:

• Information asset A has a value score of 50 and has 1 vulnerability: Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerabilities: Vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of its risk. Vulnerability 3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) - 0% + 10%, where
55 = (50 x 1.0) - ((50 x 1.0) x 0.0) + ((50 x 1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) - 50% + 20%, where
35 = (100 x 0.5) - ((100 x 0.5) x 0.5) + ((100 x 0.5) x 0.2)
35 = 50 - 25 + 10

Asset B: Vulnerability 3 rated as 12 = (100 x 0.1) - 0% + 20%, where
12 = (100 x 0.1) - ((100 x 0.1) x 0.0) + ((100 x 0.1) x 0.2)
12 = 10 - 0 + 2
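
The worksheet above as a short Python sketch, added here as an example and not part of the original page: it validates the inputs, applies the formula per vulnerability and returns the ranked list. The names Vulnerability, risk_rating and ranked are hypothetical, and the 0.2 uncertainty for asset B is read off the +20% term in the page's calculations.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    asset: str
    name: str
    value: float        # asset value score
    likelihood: float   # probability of occurrence, 0.0 to 1.0
    controlled: float   # fraction of the risk already controlled, 0.0 to 1.0
    uncertainty: float  # 1 minus the estimated accuracy of assumptions and data


def risk_rating(v: Vulnerability) -> float:
    """risk = (value x likelihood) - controlled share + uncertainty share."""
    if v.value < 0:
        raise ValueError(f"{v.name}: value score must not be negative")
    for field in ("likelihood", "controlled", "uncertainty"):
        x = getattr(v, field)
        if not 0.0 <= x <= 1.0:
            raise ValueError(f"{v.name}: {field}={x} must be within 0.0-1.0")
    base = v.value * v.likelihood
    # Both adjustments are percentages of the base term, as in the page's
    # expanded calculations, not of the raw asset value.
    return round(base - base * v.controlled + base * v.uncertainty, 2)


def ranked(vulns):
    """Return (rating, asset, vulnerability) tuples, highest risk first."""
    rows = [(risk_rating(v), v.asset, v.name) for v in vulns]
    return sorted(rows, key=lambda row: row[0], reverse=True)


# The page's three vulnerabilities (0.2 for asset B is taken from its "+ 20%").
PAGE_EXAMPLE = [
    Vulnerability("B", "Vulnerability 3", 100, 0.1, 0.0, 0.2),
    Vulnerability("A", "Vulnerability 1", 50, 1.0, 0.0, 0.1),
    Vulnerability("B", "Vulnerability 2", 100, 0.5, 0.5, 0.2),
]

if __name__ == "__main__":
    for rating, asset, name in ranked(PAGE_EXAMPLE):
        print(f"Asset {asset}  {name}  {rating:g}")
```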

Posted Date: 10/8/2012 6:21:12 AM | Location : United States
