Risk determination, Computer Network Security

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2

Posted Date: 10/8/2012 6:21:12 AM | Location : United States







Related Discussions:- Risk determination, Assignment Help, Ask Question on Risk determination, Get Answer, Expert's Help, Risk determination Discussions

Write discussion on Risk determination
Your posts are moderated
Related Questions
Question 1 a) Provide three advantages of using optical fiber. b) Distinguish between "Direct Sequence Modulation" and "Frequency Hopping" c) Decribe the purpose of using "

Is standard TCP effective in mobile wireless networks that operate with the IEEE 802.11 wireless local area network protocol?Discuss the issue

UDP ENCAPSULATION As given in the figure below, UDP packet is included in IP datagram and the IP datagram is then attached in the Frame.

An injunction to 'think ethically' about a situation is not helpful. Perhaps if one has a background in moral philosophy this would work, but usually both students and IT professio

Problem 1: List measurable entities on which the quality of service in a data communication network depends Problem 2: Show the features of a typical Network Management

ROUTING TABLE For efficiency, information about forwarding is saved in a routing table, which is started at system initialization and must be updated as network topology modif

Question (a) Draw a typical hybrid star-ring topology paying attention to how the clients and switching hubs are connected. (b) State 3 main differences between a router

Issue-Specific Security Policy (ISSP) The ISSP addresses specific areas of technology, needs frequent updates and having statement on organization’s position on a particular iss

IDS RESPONSE BEHAVIOR Once IDS detects an anomalous network situation, it has a number of options. IDS responses to external stimulation can be classified as active or passive.

Problem (a) Using Vigenère cipher and given the key abc, find the ciphertext for the message: simplicity Only the 26 lower-case alphabetical characters are used in messa