risk cube to analyze security risk
A risk cube is a tool that is used to analyze a security risk issue. For example, consider the challenge to measure security concerns for a direct-recording electronic (DRE) voting machine. The risk cube has the following domains:
- Probability: Likelihood of error (low, medium, high)
- Outcome: Severity of error (low, high)
- Duration: Impact of error (isolated, long-term)
Use the risk cube as the tool to categorize the security risks, and justify the DRE acceptance or rejection in each subcube. Complete the following:
- For each subcube, justify the acceptance or rejection of DRE voting with a summarized statement.
- In addition to the acceptance or rejection choice, add a security risk classification of high, medium, or low for each subcube.
- Conclude with a statement of expected concurrency with the risk cubes of peers.
- If a single risk cube were to be created from those of all peers, would significant differences be expected?
- What mitigation processes might be used to resolve differences?