Risk determination, Computer Network Security

Risk Determination

For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an element of uncertainty. For instance

• Information asset A has a value score 50 and has 1 vulnerability: Vulnerability
1 has a likelihood of 1.0 with no current controls and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of risk. Vulnerability
3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

 Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) –0% + 10% Where 55 = (50 x 1.0) – ( ( 50x 1.0)x0.0) + ( ( 50x1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) – 50% + 20% Where 35 = (100 x 0.5) – ( (100 x 0.5)x 0.5) + ( ( 100 x0.5) x 0.2)
35 = 50 – 25 + 10

Asset C: Vulnerability 3 rated as 12 = (100 x 0.1) – 0% + 20% Where 12= (100 x 0.1) – ((100 x 0.1) x 0.0) + ((100 x0.1) x 0.2)
12 = 10 - 0 + 2

Posted Date: 10/8/2012 6:21:12 AM | Location : United States







Related Discussions:- Risk determination, Assignment Help, Ask Question on Risk determination, Get Answer, Expert's Help, Risk determination Discussions

Write discussion on Risk determination
Your posts are moderated
Related Questions
UDP- DATAGRAM TRANSPORT SERVICE INTRODUCTION:  UDP is the one of the transport protocols in TCP/IP protocol suite. UDP protocol accepts applications on the computers to

Size of Option field of an ip datagram is 20 bytes. What is the value of HLEN? What is the value in binary?

Mapping between a hardware address and a protocol address is known Address Resolution. A router or host uses address resolution when it requires to transmit a packet to another dev

QUESTION (a) FTP is a protocol used for the delivery of files across networks. Explain how FTP works (support your answer with a diagram). (b) How does TCP perform the gi

QUESTION: a) Below is a capture of an Ethernet II frame which has an IPv4 packet and a segment. Provide the source MAC address in hexadecimal; the source IP address, the length

CARRIER  SENSE MULTIPLE ACCESS (CSMA) There is no central access management when computers transfer on Ethernet. For this solution the Ethernet employs CSMA to coordinate tran


MB Enterprise Systems Ltd based in Mauritius is a company specialized in application development with Europe as the main customer base. The company has implemented CMMI and has rec

Example 3: Logic bombs In the year 2000, Timothy Lloyd was found responsible of causing $10 million and $12 million of damage to Omega Engineering, an American company specializ

Encode the following plaintext, using the Caesar cipher:             LORD OF THE RINGS b) The following ciphertext              jw njbh lxmn cx kanjt has been encoded usi