Security Risk Analysis based on probability of system failure, attacks and Vulnerabilities

Network security management plays a crucial role in protecting organization assets and its computer infrastructure. This can be done by identifying the vulnerabilities and developing effective control that reduces the risk of attacks and failures. Network risk assessment is a subjective process that is linked to multiple variables. These variables are associated with the organization assets and their impact on the health of the organization. To preserve the value of these assets, they must be protected from failure or attacks. In addition vulnerability assessment must be undertaken to assess the value of these assets for possible deficiency that would cause successful attacks. The main factors affecting failure are possible of system failure, threats which can be related to internal and external attacks, environmental threat, and process related threats. A risk management methodology is described in this paper to assist managers in evaluating the security risk of their organization. This risk is based on multiple variables that are related to vulnerabilities, probability of failure, and possible attacks caused by threats.