Given the data below that was collected during a risk identification and assessment initiative, answer the questions below. Asset ID Information Asset Asset Weighted Score
A Internet Gateway Network 50
Component
B e-commerce web server 80
An evaluation of the provided asset vulnerabilities results in:
Asset A: This is a network component that has two vulnerabilities. The first vulnerability involves a traffic overflow condition with a likelihood of 0.2 with a current control to address 40% of its risk. The second vulnerability involves a DoS attack likelihood of 0.4 with a current control to address 90 % of its risk.
Asset B: This is a web server that deals with e-commerce transactions. It has one vulnerability with a likelihood of 0.25 with a current control to address 60 % of its risk.
Let: Like=Likelyhood
AWScore=Asset
Weighted Score Control=Current Control Assumption= (1 - decimal value of the % Accuracy of Assumptions) IE: (1-6) or 4 Risk Rating = (AWScore *Like) - (AWScore*Like) *Control) + ((AWScore *Like) *Assumption) It is estimated that Assumptions and data on all assets are 80 % accurate.
a. Compute the relative risk ratings for each asset/vulnerability pair. Show your work.
b. Which asset/vulnerability needs to be examined first for implementing an additional control?
c. Which asset/vulnerabilities have residual risk?