Risk determination, Computer Network Security

Risk Determination

For the purpose of relative risk assessment, risk equals the probability of vulnerability occurrence TIMES value MINUS the percentage of risk already controlled PLUS an element of uncertainty. For instance:

• Information asset A has a value score of 50 and has 1 vulnerability: Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerabilities: Vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of its risk. Vulnerability 3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) – 0% + 10%
Where 55 = (50 x 1.0) – ((50 x 1.0) x 0.0) + ((50 x 1.0) x 0.1)
55 = 50 – 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20%
Where 35 = (100 x 0.5) – ((100 x 0.5) x 0.5) + ((100 x 0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20%
Where 12 = (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x 0.1) x 0.2)
12 = 10 – 0 + 2
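
The calculation above as a small ranking worksheet, added here as an example and not part of the original page. The class and function names are hypothetical, and the 80 percent accuracy used for vulnerabilities 2 and 3 is an assumption read back from the +20% term in the arithmetic above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    name: str
    asset_value: float        # relative value score of the affected asset
    likelihood: float         # probability of occurrence, 0.0 to 1.0
    controlled: float = 0.0   # fraction of the risk current controls address
    accuracy: float = 1.0     # confidence in the assumptions and data

    def __post_init__(self):
        # Reject out-of-range inputs instead of silently ranking on them.
        if self.asset_value < 0:
            raise ValueError(f"{self.name}: asset_value must be >= 0")
        for field in ("likelihood", "controlled", "accuracy"):
            value = getattr(self, field)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{self.name}: {field} must be in [0, 1]")


def risk_rating(v):
    """(value x likelihood) - controlled share + uncertainty share."""
    base = v.asset_value * v.likelihood
    mitigated = base * v.controlled
    uncertainty = base * (1.0 - v.accuracy)   # 90% accurate -> +10%
    return round(base - mitigated + uncertainty, 2)


def ranked(vulns):
    """Return (rating, vulnerability) pairs, highest risk first."""
    return sorted(((risk_rating(v), v) for v in vulns),
                  key=lambda pair: pair[0], reverse=True)


# Inputs from the example above; accuracy=0.8 is the assumption noted in the lead-in.
WORKSHEET = [
    Vulnerability("Vulnerability 3", 100, 0.1, controlled=0.0, accuracy=0.8),
    Vulnerability("Vulnerability 1", 50, 1.0, controlled=0.0, accuracy=0.9),
    Vulnerability("Vulnerability 2", 100, 0.5, controlled=0.5, accuracy=0.8),
]

if __name__ == "__main__":
    for rating, v in ranked(WORKSHEET):
        print(f"{v.name}: {rating:g}")
```

Note that the uncertainty term raises the rating, so a poorly understood vulnerability ranks higher than an otherwise identical one backed by better data.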

Posted Date: 10/8/2012 6:21:12 AM | Location : United States






