Risk assessment, Computer Network Security

Assignment Help:

RISK ASSESSMENT

Risk assessment is a step in a risk management technique. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called as hazard). Quantitative risk assessment needs calculations of two components of risk: R, magnitude of potential loss L, and probability p that the loss will occur.

Risk assessment in information security

There are two techniques of risk assessment in information security field, quantitative and qualitative. Purely quantitative risk assessment is a mathematical calculation which is based on security metrics on the asset (system/application). Qualitative risk assessment is done when the organization requires a risk assessment be done in a relatively short time or to meet a small budget, a quantity of relevant data is not available, or persons performing the assessment do not have the sophisticated mathematical, and risk assessment expertise needed. Qualitative risk assessment can be performed in a shorter time period and with less data. Qualitative risk assessments are characteristically performed through interviews of a sample of personnel from all relevant groups within an organization charged with security of asset being assessed. The qualitative risk assessments are descriptive vs. measurable.

Risk is likelihood of occurrence of a vulnerability multiplied by value of the information asset minus the percentage of risk mitigated by present controls plus the uncertainty of present knowledge of the vulnerability. Risk assessment evaluates relative risk for every vulnerability and assigns a risk rating or score to each and every information asset.


Related Discussions:- Risk assessment

Explain how the framework will align to the model, MB Enterprise Systems Lt...

MB Enterprise Systems Ltd based in Mauritius is a company specialized in application development with Europe as the main customer base. The company has implemented CMMI and has rec

Describe the five-layer network using block diagrams, Problem 1: a) One...

Problem 1: a) One of the limitations of file processing systems is data inconsistency. Briefly explain with the help of an example what do you understand by this phrase. b)

Vigenere Cipher, What key which if used to encrypt the ciphertext again wou...

What key which if used to encrypt the ciphertext again would give back the plaintext (i.e. key is a weak key)? Define a formula for identifying weak keys for the cipher below (

Differences between a hacker and a cracker, Question: (a) Which of the...

Question: (a) Which of the following is not a goal of security: i) detection ii) prevention iii) recovery iv) prosecution (b) You are an honest student. One day you

What is ftam-file transfer access and management, Describe what the FTAM se...

Describe what the FTAM services are. FTAM  stand for the File Transfer Access and Management: FTAM is an ISO application protocol which performs the operations on files such as.

Define packet, CONCEPT OF PACKET : Network systems splits data in small ...

CONCEPT OF PACKET : Network systems splits data in small junks or blocks known as packets, which they send individually. Why we required packets rather than bits? The answer to

Explain the operation of the matchmaker middle agent, Question 1: (a) E...

Question 1: (a) Explain the operation of the "matchmaker" middle agent. (b) Describe why broker middle agents are more efficient in terms of the time taken for a service to

Benchmarking-information security, Benchmarking An alternative approach to...

Benchmarking An alternative approach to risk management is Benchmarking. It is process of seeking out and studying practices in other organizations which one’s own organization de

Ethical hacking penetration testing, Get a copy of Metasploitable at Make...

Get a copy of Metasploitable at Make">http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ Make sure to follow these directions very carefully. You will get po

Digital certificates, A Certificate presents an organization in an official...

A Certificate presents an organization in an official digital form. This is same to an electronic identity card which serves the purpose of Identifying the owner of the certificate

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd