
Exercise 1.

Question (3 points). Suppose XYZ Software Company has a new application development project, with projected revenues
of $1,200,000. Using the following table, calculate the ARO and ALE for each threat category that XYZ Software
Company faces for this project.

Annualized loss expectancy (ALE) = single loss expectancy (SLE) × annualized rate of occurrence (ARO)
SLE = asset value × exposure factor (EF)

Row   Threat category                  ARO    ALE
1     Programmer mistakes              52     $260,000
2     Loss of intellectual property    1      $75,000
3                                      52     $26,000
4                                      4      $10,000
5                                      2      $10,000
6                                      12     $6,000
7                                      1      $5,000
8                                      52     $78,000
9                                      4      $10,000
10                                     0.05   $12,500
11                                     0.1    $25,000
12                                     0.1    $50,000

(Rows follow the order of the threat categories in the exercise table; only the rows the answer names are labelled.)

ARO for programmer mistakes is 52, since a year has 52 weeks; for loss of intellectual property it is 1, because it
happens once a year; the remaining values in the ARO column above follow the same logic.
For programmer mistakes, ALE = 52 × $5,000 = $260,000, and the rest of the ALE column above follows the same logic.

Exercise 2. Assume a year has passed and XYZ (from exercise 1) has improved security by applying a number
of controls. Calculate the post-control ARO and ALE for each threat category listed.

Row   Threat category                  ALE (exercise 1)   Post-control ARO   Post-control ALE   CBA
1     Programmer mistakes              $260,000           12                 $60,000            $180,000
2     Loss of intellectual property    $75,000            0.5                $37,500            $22,500
3                                      $26,000            12                 $6,000             -$10,000
4                                      $10,000            2                  $5,000             -$10,000
5                                      $10,000            1                  $5,000             -$10,000
6                                      $6,000             4                  $2,000             -$14,000
7                                      $5,000             0.5                $2,500             -$12,500
8                                      $78,000            12                 $18,000            $45,000
9                                      $10,000            2                  $5,000             -$12,500
10                                     $12,500            0.05               $12,500            -$5,000
11                                     $25,000            0.1                $5,000             $10,000
12                                     $50,000            0.1                $10,000            $30,000

Question
1. Why have some values changed in the columns Cost per Incident and Frequency of Occurrence? (2 points)
Some of the values have changed because controls were implemented; they had a positive impact on the
protection of the organization's assets, which reduced the frequency of occurrence.
2. How could a control affect one but not the other? (2 points)
For example, insurance and backups can reduce the cost per incident but not the frequency of occurrence, because a
flood or an earthquake can happen at any time.
3. Calculate the CBA for the planned risk control approach for each threat category. For each threat category,
determine if the proposed control is worth the costs. (3 points)
ACS is the annualized cost of the safeguard
CBA = ALE(prior) - ALE(post) - ACS
For example, programmer mistakes:
CBA = 260,000 - 60,000 - 20,000 = 180,000, and applying the same logic to the other rows gives the results shown in the table.
CBA > 0; Good
CBA = 0; Why bother
CBA < 0; No benefit, forget it

So programmer mistakes, loss of intellectual property, viruses, flood and fire are worth it, and the others are not.
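The ARO, ALE and CBA steps above, carried through as an added Python example that is not part of the assignment. The only figures taken from the answer are the programmer-mistakes row ($5,000 per incident, 52 then 12 occurrences a year, ACS $20,000); the "1 per week" frequency wording is an assumed input format.

```python
# Added example, not the assignment's own code: ARO from a "1 per <period>" frequency,
# ALE = cost per incident x ARO, CBA = ALE(prior) - ALE(post) - ACS, and the decision rule.

# Occurrences per year for one occurrence per period.
PERIODS_PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "6 months": 2, "year": 1}


def aro_from_frequency(frequency: str) -> float:
    """Turn text such as '1 per week' or '1 per 20 years' into occurrences per year."""
    count_text, _, period = frequency.lower().partition(" per ")
    count, period = float(count_text), period.strip()
    if period in PERIODS_PER_YEAR:
        return count * PERIODS_PER_YEAR[period]
    years, unit = period.split()  # e.g. "20 years"
    if unit not in ("year", "years"):
        raise ValueError(f"unsupported period: {period!r}")
    return count / float(years)


def ale(cost_per_incident: float, aro: float) -> float:
    """Annualized loss expectancy, taking the cost per incident as the SLE."""
    return cost_per_incident * aro


def cba(ale_prior: float, ale_post: float, acs: float) -> float:
    """Cost-benefit analysis of a control with annualized cost of safeguard ACS."""
    return ale_prior - ale_post - acs


def verdict(cba_value: float) -> str:
    """Decision rule from the answer: > 0 good, = 0 why bother, < 0 no benefit."""
    if cba_value > 0:
        return "Good"
    if cba_value == 0:
        return "Why bother"
    return "No benefit, forget it"


def evaluate(cost_prior, freq_prior, cost_post, freq_post, acs) -> dict:
    """Prior and post-control ALE, CBA and verdict for one threat category."""
    prior = ale(cost_prior, aro_from_frequency(freq_prior))
    post = ale(cost_post, aro_from_frequency(freq_post))
    value = cba(prior, post, acs)
    return {"ale_prior": prior, "ale_post": post, "cba": value, "verdict": verdict(value)}


# Programmer-mistakes row with the figures used in the answer: $5,000 per incident,
# weekly before the control and monthly after it, ACS $20,000 (frequency wording assumed).
PROGRAMMER_MISTAKES = evaluate(5_000, "1 per week", 5_000, "1 per month", 20_000)
```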
