Risk determination, Computer Network Security

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2

Posted Date: 10/8/2012 6:21:12 AM | Location : United States







Related Discussions:- Risk determination, Assignment Help, Ask Question on Risk determination, Get Answer, Expert's Help, Risk determination Discussions

Write discussion on Risk determination
Your posts are moderated
Related Questions
Identify Possible Controls For each threat and linked vulnerabilities which have residual risk, create primary list of control ideas. Residual risk is the risk which remains to

The Role of the Investigation The first phase, investigation is the most significant. What problem is the system being developed to solve? During investigation phase, objectives

(a) (i) If m = p·q·r where p, q, and r are prime numbers, what is Φ(m)? (ii) Therefore, Determine Φ(440). (b) Describe the following terms as used in cryptography: (i)

(a) Describe DES encryption with a block diagram and brief steps. (b) How does triple DES improve security. What is the effective key length of triple DES? How can 3DES be compa

You see two IP addresses. The IP address 192.168.58.130 is the one of Bt4. The IP address 192.168.58.133 has ports 135 and 445 open; which indicates that it is a Windows machine. S

Re: Website Google Ranking Hello! Hope you are doing well. I discovered some major issues in your website which might be the cause for the Google Penalties and poor search ranki


Risk Identification Risk management comprises of identifying, classifying and prioritizing organization’s information assets, threats and vulnerabilities also. Risk Identificati

LEGAL, ETHICAL AND PROFESSIONAL ISSUES To minimize liabilities and reduce risks, information security practitioner should: •    to understand current legal environment •    to s

Border Gateway Protocol It is a protocol needed to advertise the set of networks that can be achieved within an autonomous machine. BGP activates this information to be shared