
1. Suppose XYZ Software Company has a new application development project with projected revenues of $1.2 million. Using the following table, calculate the ARO and ALE for each threat category the company faces for this project.

| Threat Category | Cost per Incident (SLE) | Frequency of Occurrence |
|---|---|---|
| Programmer mistakes | $5,000 | 1 per week |
| Loss of intellectual property | $75,000 | 1 per year |
| Software piracy | $500 | 1 per week |
| Theft of information (hacker) | $2,500 | 1 per quarter |
| Theft of information (employee) | $5,000 | 1 per 6 months |
| Web defacement | $500 | 1 per month |
| Theft of equipment | $5,000 | 1 per year |
| Viruses, worms, Trojan horses | $1,500 | 1 per week |
| Denial-of-service attacks | $2,500 | 1 per quarter |
| Earthquake | $250,000 | 1 per 20 years |
| Flood | $250,000 | 1 per 10 years |
| Fire | $500,000 | 1 per 10 years |

2. Assume that a year has passed and XYZ has improved security by applying several controls. Using the information from Exercise 1 and the following table, calculate the post-control ARO and ALE for each threat category listed.

| Threat Category | Cost per Incident | Frequency of Occurrence | Cost of Control | Type of Control |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per month | $20,000 | Training |
| Loss of intellectual property | $75,000 | 1 per 2 years | $15,000 | Firewall/IDS |
| Software piracy | $500 | 1 per month | $30,000 | Firewall/IDS |
| Theft of information (hacker) | $2,500 | 1 per 6 months | $15,000 | Firewall/IDS |
| Theft of information (employee) | $5,000 | 1 per year | $15,000 | Physical security |
| Web defacement | $500 | 1 per quarter | $10,000 | Firewall |
| Theft of equipment | $5,000 | 1 per 2 years | $15,000 | Physical security |
| Viruses, worms, Trojan horses | $1,500 | 1 per month | $15,000 | Antivirus |
| Denial-of-service attacks | $2,500 | 1 per 6 months | $10,000 | Firewall |
| Earthquake | $250,000 | 1 per 20 years | $5,000 | Insurance/backups |
| Flood | $50,000 | 1 per 10 years | $10,000 | Insurance/backups |
| Fire | $100,000 | 1 per 10 years | $10,000 | Insurance/backups |

Assume that the values in the Cost of Control column are unique costs directly associated with protecting against the threat. In other words, don’t consider overlapping costs between controls. Calculate the CBA for the planned risk control approach in each threat category. For each threat category, determine whether the proposed control is worth the costs.
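
A worked calculation for Exercises 1 and 2, added here as an example and not part of the original exercise. It assumes the standard formulas ALE = SLE x ARO and CBA = ALE(prior) - ALE(post) - annual cost of the control, which the page does not state, and a 52-week year; the function names are illustrative.

```python
# Added example: ARO / ALE / CBA arithmetic for the two exercise tables.
# Assumed, not stated on the page: ALE = SLE * ARO, CBA = ALE(prior) - ALE(post) - ACS,
# and 52 weeks / 12 months / 4 quarters per year.
import re
from fractions import Fraction

PERIODS_PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "year": 1}

def aro(frequency: str) -> Fraction:
    """Turn '1 per week' or '1 per 20 years' into occurrences per year."""
    m = re.fullmatch(r"(\d+) per (?:(\d+) )?(week|month|quarter|year)s?",
                     frequency.strip())
    if not m:
        raise ValueError(f"unrecognized frequency: {frequency!r}")
    count, span, unit = int(m.group(1)), int(m.group(2) or 1), m.group(3)
    return Fraction(count * PERIODS_PER_YEAR[unit], span)

def ale(sle: int, frequency: str) -> Fraction:
    return sle * aro(frequency)

def cba(prior, post, control_cost):
    return ale(*prior) - ale(*post) - control_cost

# (threat, (SLE, frequency) from table 1, (SLE, frequency) from table 2, cost of control)
ROWS = [
    ("Programmer mistakes", (5000, "1 per week"), (5000, "1 per month"), 20000),
    ("Loss of intellectual property", (75000, "1 per year"), (75000, "1 per 2 years"), 15000),
    ("Software piracy", (500, "1 per week"), (500, "1 per month"), 30000),
    ("Theft of information (hacker)", (2500, "1 per quarter"), (2500, "1 per 6 months"), 15000),
    ("Theft of information (employee)", (5000, "1 per 6 months"), (5000, "1 per year"), 15000),
    ("Web defacement", (500, "1 per month"), (500, "1 per quarter"), 10000),
    ("Theft of equipment", (5000, "1 per year"), (5000, "1 per 2 years"), 15000),
    ("Viruses, worms, Trojan horses", (1500, "1 per week"), (1500, "1 per month"), 15000),
    ("Denial-of-service attacks", (2500, "1 per quarter"), (2500, "1 per 6 months"), 10000),
    ("Earthquake", (250000, "1 per 20 years"), (250000, "1 per 20 years"), 5000),
    ("Flood", (250000, "1 per 10 years"), (50000, "1 per 10 years"), 10000),
    ("Fire", (500000, "1 per 10 years"), (100000, "1 per 10 years"), 10000),
]

def report(rows=ROWS):
    """Return (threat, ALE prior, ALE post, CBA, control worth its cost?) per row."""
    out = []
    for threat, prior, post, cost in rows:
        benefit = cba(prior, post, cost)
        out.append((threat, float(ale(*prior)), float(ale(*post)), float(benefit), benefit > 0))
    return out

if __name__ == "__main__":
    for threat, a0, a1, b, ok in report():
        print(f"{threat:32} {a0:>10,.0f} {a1:>10,.0f} {b:>10,.0f} {'worth it' if ok else 'not worth it'}")
```

A control counts as worth its cost here only when the CBA is positive, so a control that leaves the ALE unchanged, such as the earthquake row, comes out negative by exactly its cost.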
