Security Risk Analysis for Asset in relation to Vulnerability, Probability of Threats and Attacks

Network security management plays a crucial role in protecting organization assets and its computer infrastructure by identifying an effective control that reduces the risk of attacks and failures. Network risk assessment is a subjective process that is affected by multiple distinctive variables. These variables are associated with the organization assets and their impact on the health of the organization. To preserve tire value of these assets, they must be protected from failure or attacks. In addition vulnerability assessment must be undertaken to assess the value of these assets,for possible deficiency that would cause successful attacks. The main factors affecting failure are threats which can include threat of attack, environmental threat, and process related threats. On the other hand, preventing attacks on these assets would reduce the risk of failure and consequently maintain the health of the organization. A risk assessment methodology is described in this paper to assist managers in evaluating the security risk of their organization which is based on the identified variables related to vulnerabilities, threats, and possible attacks.