Security Threats Severity AnalysisWhat is Severity Analysis?Figure 1-19: Threat Severity AnalysisAccessing potential damageExerciseSecurity Threats Severity AnalysisTuesday 1/15/2008What is Severity Analysis?Accessing security threats occurrence likelihoodAccessing threats’ potential damageAccessing countermeasure costsDetermining the value of protecting against the threats.Figure 1-19: Threat Severity AnalysisStep Threat12345Cost if attack succeedsProbability of occurrenceThreat severityCountermeasure costValue of protectionApply countermeasure?Priority67A$500,00080%$400,000$100,000$300,000Yes1B$10,00020%$2,000 $3,000 ($1,000) NoNAC$100,0005%$5,000 $2,000 $3,000 Yes2D$10,00070%$7,000 $20,000($13,000)NoNAAccessing potential damageDetermining extent to which a threat couldModify critical corporate dataDelete critical corporate dataAllow unauthorized access to confidential info.Allow misdirection of confidential info.Allow message alterationLead to loss of employees or customers’ privacySlow down network servicesJeopardize network service availabilityLead to loss of customers’ faith and trustExerciseVisit the www.sophos.com web site at in order to gather information about a worm called W32/Zafi-B and answer the following two questions.1) Using bullets, list specific malicious actions that W32/Zafi-B could take to potentially damage or disturb a computer system.2) Use the questionnaire provided by the instructor to access the potential risk posed by
View Full Document