Risk determination, Computer Network Security

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2

Posted Date: 10/8/2012 6:21:12 AM | Location : United States







Related Discussions:- Risk determination, Assignment Help, Ask Question on Risk determination, Get Answer, Expert's Help, Risk determination Discussions

Write discussion on Risk determination
Your posts are moderated
Related Questions
Question 1: Why do we need a Law of Contract? a Explanation Reasons to have a law of contract b Explain the close procurement project process - Explanation (causes,

Selecting a Risk Control Strategy Risk controls involve selecting one of the 4 risk control strategies for every vulnerability. The flowchart is shown in the figure given below

Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would

Question: (a) What are the various options to mitigate risks in an Information Security Management System (ISMS)? For each option specify an instance where it can be used.

QUESTION: a) Explain four issues that are generally addressed in the Needs Analysis phase in the building-block approach to network design. b) Sketch a typical hybrid star-b

Q. Explain the random key distribution? The triple key management mechanisms ensure a better and complete security solution using the random key distribution mechanism. In this

Problem: (a) What is a firewall and which are its most important tasks? (b) What is the difference between default deny and default permit? Which advantages and disadvanta

Question requires you to produce a pcap file from a Wireshark capture.  In addition, you must include a screen capture of Wireshark and some specific information regarding the fram

PARSING IPv6 HEADERS Base header is fixed in size i.e. 40 octets. NEXT HEADER field in the base header describe kind of header and it seems at end of fixed-size base header. S

QUESTION There are generally five factors that will influence how you respond to computer security incidents- The effect the incident has on your business Legal issue