Risk determination, Computer Network Security

Risk Determination

For the purpose of relative risk assessment, risk equals the probability of vulnerability occurrence times value, minus the percentage of risk already controlled, plus an element of uncertainty. For instance:

• Information asset A has a value score of 50 and has 1 vulnerability: Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerabilities: Vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of the risk; Vulnerability 3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) - 0% + 10%, where
55 = (50 x 1.0) - ((50 x 1.0) x 0.0) + ((50 x 1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) - 50% + 20%, where
35 = (100 x 0.5) - ((100 x 0.5) x 0.5) + ((100 x 0.5) x 0.2)
35 = 50 - 25 + 10

Asset B: Vulnerability 3 rated as 12 = (100 x 0.1) - 0% + 20%, where
12 = (100 x 0.1) - ((100 x 0.1) x 0.0) + ((100 x 0.1) x 0.2)
12 = 10 - 0 + 2
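
The same calculation as a small risk register that validates its inputs and produces the ranked list. This is an added example, not part of the original post. The class and function names are this example's own, the 0.2 uncertainty for asset B is taken from the calculations above, and Vulnerability 3 is filed under asset B as in the asset list.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Vulnerability:
    asset: str
    name: str
    value: Decimal        # asset value score
    likelihood: Decimal   # probability of occurrence, 0.0 to 1.0
    controlled: Decimal   # fraction of risk already controlled, 0.0 to 1.0
    uncertainty: Decimal  # 1 - estimated accuracy of assumptions and data

    def __post_init__(self):
        # Reject inputs that would make the rating meaningless.
        for field_name in ("likelihood", "controlled", "uncertainty"):
            x = getattr(self, field_name)
            if not Decimal(0) <= x <= Decimal(1):
                raise ValueError(f"{field_name} must be within [0, 1], got {x}")
        if self.value < 0:
            raise ValueError("value score must be non-negative")

    def rating(self) -> Decimal:
        # (value x likelihood) - controlled share + uncertainty share
        base = self.value * self.likelihood
        return base - base * self.controlled + base * self.uncertainty


def rank(vulns):
    """Return (rating, vulnerability) pairs, highest risk first."""
    return sorted(((v.rating(), v) for v in vulns),
                  key=lambda pair: pair[0], reverse=True)


D = Decimal  # Decimal avoids float rounding in the percentages
# Inputs from the worked example above, deliberately entered out of order.
REGISTER = [
    Vulnerability("B", "Vulnerability 3", D(100), D("0.1"), D("0.0"), D("0.2")),
    Vulnerability("A", "Vulnerability 1", D(50), D("1.0"), D("0.0"), D("0.1")),
    Vulnerability("B", "Vulnerability 2", D(100), D("0.5"), D("0.5"), D("0.2")),
]

if __name__ == "__main__":
    for score, v in rank(REGISTER):
        print(f"Asset {v.asset} {v.name}: {score:.0f}")
```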

Posted Date: 10/8/2012 6:21:12 AM | Location : United States






