IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [risk-analysis]

Risk Analysis is a practice used to identify and assess factors that may jeopardize the success of a project or achieving a goal. Security Risk Analysis or Risk Assessment could be Quantitative and Qualitative

Quantitative risk analysis is based on potential loss multiplying by probability. Qualitative risk analysis is based on analysis of interrelated elements: Threats, Vulnerabilities and Controls (countermeasures for vulnerabilities)

158 questions
-1
votes
1 answer

Potential risks per ISO 27002 clauses 5-18

I have a study project related to establishing of ISO 27001. I will do GAP analyses on "fictional" company over all ISO 27001 Annex A controls using ISO 27002. After I do that, I will detect the risks using the results of that GAP analyses. So my…
OrangeSpider
  • 31
  • 1
  • 4
-1
votes
3 answers

Should Risk Impact (not likelihood or overall risk) be quantified by the initial impact, or should you quantify by eventual (potential) impact

I am undertaking a risk assessment and trying to work out the risk impact on confidentiality for if a company employee (specifically a System Administrator) steals Server Hardware. On the one hand the System Admin already has a in depth knowledge…
Kay
  • 1
  • 1
-1
votes
1 answer

Can browser emulation create vulnerabilities?

If a browser is not authorized on a network, can browser emulation within an authorized browser create vulnerabilities? For instance, Chrome is unauthorized but if I run IE, press F12 to get into Developer mode, and then have it emulate Chrome, will…
Rincewind
  • 209
  • 1
  • 2
  • 5
-2
votes
1 answer

Security risk analysis software

I am looking for some risk assessment tools (preferably open source), which make the analysis of a system based on its hardware structure given as input and point out potential weaknesses of this system. For example, given a WiFi access point in a…
Alex Vorontsov
  • 11
-2
votes
2 answers

Why can't home internet users communicate with their peers?

As a home internet user, why does my ISP block my communication with any other client on the same subnet as mine? It is done for security obviously, but what is the risk? Update: as clarified by Tylerl, the issue is related to non broadcast nature…
AdnanG
  • 707
  • 2
  • 8
  • 18
-2
votes
1 answer

Upgrading Software Version: risk of an unknown vs known vulnerabilities

Is there any evidence or research into the likelihood, as well as damage, via vulnerabilities in previous versions compared to following iterations of software? For example, with every software version, there is the likelihood of new security…
8protons
  • 218
  • 1
  • 8
-2
votes
1 answer

Is ETSI TVRA a risk assessment or threat modeling tool?

Is ETSI TVRA TS 102 153 165-1 a risk assessment tool or threat modeling tool? And what's the justification? The purpose of the question is to be able to answer if TVRA is suitable to be mapped to Microsoft's SDL and at which practice ("PRACTICE #4:…
MFM
  • 1
  • 1
-3
votes
2 answers

Business Impact Analysis vs Risk Assessment

I am so confused about Business Impact Analysis vs Risk Assessment Could you please explain to me the difference between them? Thanks.
hienbuithanh88
  • 95
  • 4
1 2 3
10
11