Risk determination, Computer Network Security

Risk Determination

For the purpose of relative risk assessment, risk equals the probability of vulnerability occurrence TIMES value, MINUS the percentage of risk already controlled, PLUS an element of uncertainty. For instance:

• Information asset A has a value score of 50 and has 1 vulnerability: Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerabilities: Vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability 3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) – 0% + 10%, where
55 = (50 x 1.0) – ((50 x 1.0) x 0.0) + ((50 x 1.0) x 0.1)
55 = 50 – 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20%, where
35 = (100 x 0.5) – ((100 x 0.5) x 0.5) + ((100 x 0.5) x 0.2)
35 = 50 – 25 + 10

Asset B: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20%, where
12 = (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x 0.1) x 0.2)
12 = 10 – 0 + 2
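The same calculation as an added Python example (not part of the original page), generalized to rank any list of vulnerabilities and to reject out-of-range inputs. The class and function names are hypothetical, and the 80 percent accuracy for asset B is an assumption inferred from the +20% term in the calculations above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    asset: str
    name: str
    value: float       # asset value score
    likelihood: float  # probability of occurrence, 0.0 to 1.0
    controlled: float  # fraction of the risk already controlled, 0.0 to 1.0
    accuracy: float    # estimated accuracy of assumptions and data, 0.0 to 1.0

def risk_rating(v: Vulnerability) -> float:
    """Rating = base - controlled share of base + uncertainty share of base."""
    if v.value < 0:
        raise ValueError(f"{v.name}: value must be non-negative")
    for field in ("likelihood", "controlled", "accuracy"):
        x = getattr(v, field)
        if not 0.0 <= x <= 1.0:
            raise ValueError(f"{v.name}: {field}={x} is outside 0.0-1.0")
    base = v.value * v.likelihood            # value TIMES likelihood
    mitigated = base * v.controlled          # MINUS the controlled percentage
    uncertainty = base * (1.0 - v.accuracy)  # PLUS the uncertainty percentage
    # Round away binary floating-point noise such as 54.99999999999999.
    return round(base - mitigated + uncertainty, 2)

def rank(register):
    """Return (rating, vulnerability) pairs, highest risk first."""
    rated = [(risk_rating(v), v) for v in register]
    return sorted(rated, key=lambda pair: pair[0], reverse=True)

# Register built from the two assets in the text. accuracy=0.8 for asset B is
# an assumption inferred from the +20% term in the calculations above.
REGISTER = [
    Vulnerability("B", "Vulnerability 3", 100, 0.1, 0.0, 0.8),
    Vulnerability("A", "Vulnerability 1", 50, 1.0, 0.0, 0.9),
    Vulnerability("B", "Vulnerability 2", 100, 0.5, 0.5, 0.8),
]

if __name__ == "__main__":
    for rating, v in rank(REGISTER):
        print(f"Asset {v.asset} {v.name}: {rating:g}")
```

Both percentages are applied to the base figure (value x likelihood), not to the running total, which matches the expanded "where" lines above.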

Posted Date: 10/8/2012 6:21:12 AM | Location : United States






