Risk effect on the university’s operations, assets as well

 

 

Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)

 
Threat Likelihood

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Impact

Low                                 (10)

Medium                                 (50)

High                        (100)

High (1.0)

Low Risk                          (10 x 1.0 = 10)

Medium Risk                          (50 x 1.0 = 50)

High Risk               (100 x 1.0 = 100 )

Medium (0.5)

Low Risk                        (10 x 0.5 = 5)

Medium Risk                      (50 x 0.5 = 25)

Medium Risk                  (100 x 0.5 = 50)

Low (0.1)

Low Risk                               (10 x 0.1 = 1)

 Low  Risk                          (50 x 0.1 = 5)

Low Risk                   (100 x 0.1= 100)

 Risk was calculated as follows:

 

Impact (Score)

Definition

High (100)

Loss of confidentiality, integrity, availability will have critical or severe effect on the university’s operations, assets as well as individuals.
Examples:
·         A Denial of service attack will prevent legitimate users from gaining access to resources like students unable to access their academic records.
·         Major damage to the university’s image after an attack.
·         Closure of business after an attack.

Medium ( 50)

Loss of confidentiality, integrity, availability will have a significant effect on the university’s operations, assets as well as individuals.
·         Significant financial loss due to an attack on the communication devices or third party services
·         Significant disruption of services
 

Low (10 )

Loss of confidentiality, integrity, availability will have limited effect on the university’s operations, assets as well as individuals
·         Minor financial loss
·         Minor disruption in operations

Magnitude of Impact

 

 

 

Likelihood (Weight Factor)

Definition

High (1.0)

The threat source is highly capable, the asset value is high and highly motivated and controls to prevent the vulnerability from being exploited is inadequate.

Medium (0.5)

The threat source is capable, asset value is moderate an motivated and the controls to prevent exploitation of the vulnerability may be in place.

Low (0.1)

The threat source lacks capability, intent, asset value is low and the controls are in place to prevent attacks.

Threat Likelihood

 And the following definitions:

 Risk = Threat Likelihood x Magnitude of Impact

In determining risks associated with the university, we utilized the following model for classifying risk:

Risk Model