Risk determination, Computer Network Security

Risk Determination

For the purpose of relative risk assessment, risk equals the probability of vulnerability occurrence TIMES value MINUS the percentage of risk already controlled PLUS an element of uncertainty. For instance:

• Information asset A has a value score of 50 and has 1 vulnerability: Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate that the assumptions and data are 90 percent accurate.
• Information asset B has a value score of 100 and has 2 vulnerabilities: Vulnerability 2 has a likelihood of 0.5 with a current control which addresses 50 percent of its risk. Vulnerability 3 has a likelihood of 0.1 with no current controls.

Resulting ranked list of risk ratings for the 3 vulnerabilities:

Asset A: Vulnerability 1 rated as 55 = (50 x 1.0) - 0% + 10%
Where 55 = (50 x 1.0) - ((50 x 1.0) x 0.0) + ((50 x 1.0) x 0.1)
55 = 50 - 0 + 5

Asset B: Vulnerability 2 rated as 35 = (100 x 0.5) - 50% + 20%
Where 35 = (100 x 0.5) - ((100 x 0.5) x 0.5) + ((100 x 0.5) x 0.2)
35 = 50 - 25 + 10

Asset B: Vulnerability 3 rated as 12 = (100 x 0.1) - 0% + 20%
Where 12 = (100 x 0.1) - ((100 x 0.1) x 0.0) + ((100 x 0.1) x 0.2)
12 = 10 - 0 + 2
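The same worksheet as a small Python script, added here as an illustration and not part of the original post. It rejects percentages entered as whole numbers (50 instead of 0.5) and ranks the results. The class and function names are assumptions, and the 0.2 uncertainty for asset B is taken from the calculation lines above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    asset: str
    name: str
    value: float        # asset value score
    likelihood: float   # probability of occurrence, 0.0-1.0
    controlled: float   # fraction of risk already controlled, 0.0-1.0
    uncertainty: float  # 1 - estimated accuracy of assumptions and data

    def __post_init__(self):
        # Catch the common worksheet mistake of typing 50 for 50 percent.
        for field in ("likelihood", "controlled", "uncertainty"):
            x = getattr(self, field)
            if not 0.0 <= x <= 1.0:
                raise ValueError(f"{self.name}: {field}={x} must be 0.0-1.0")
        if self.value < 0:
            raise ValueError(f"{self.name}: value score must not be negative")

def risk_terms(v):
    """Return (likelihood x value, portion controlled, uncertainty allowance)."""
    base = v.value * v.likelihood
    return base, base * v.controlled, base * v.uncertainty

def risk_rating(v):
    """Risk = (value x likelihood) - controlled portion + uncertainty portion."""
    base, mitigated, unknown = risk_terms(v)
    return round(base - mitigated + unknown, 2)

def ranked(vulns):
    """Highest risk rating first, as in a ranked vulnerability worksheet."""
    return sorted(vulns, key=risk_rating, reverse=True)

# Inputs copied from the example above.
SAMPLE = [
    Vulnerability("A", "Vulnerability 1", 50, 1.0, 0.0, 0.1),
    Vulnerability("B", "Vulnerability 2", 100, 0.5, 0.5, 0.2),
    Vulnerability("B", "Vulnerability 3", 100, 0.1, 0.0, 0.2),
]

if __name__ == "__main__":
    for v in ranked(SAMPLE):
        base, mitigated, unknown = risk_terms(v)
        print(f"Asset {v.asset} {v.name}: {risk_rating(v)} "
              f"= {base} - {mitigated} + {unknown}")
```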

Posted Date: 10/8/2012 6:21:12 AM | Location : United States






