Question
4. (50 points) Assume that a year has passed and XYZ has improved security by applying several controls. Using the information from Exercise 3 and the following table, calculate the post-control ARO and ALE for each threat category listed.

| Threat Category | Cost per Incident | Frequency of Occurrence | Cost of Control | Type of Control |
| Programmer mistakes | $5,000 | 3 per month | $20,000 | Training |
| Loss of intellectual property | $25,000 | 1 per 2 years | $20,000 | Firewall/IDS |
| Software piracy | $500 | 1 per 2 months | $9,000 | Firewall/IDS |
| Theft of information (hacker) | $1,500 | 2 per 6 months | $20,000 | Firewall/IDS |

Why have some values changed in the Cost per Incident and Frequency of Occurrence columns? How could a control affect one but not the other? Assume that the values in the Cost of Control column are unique costs directly associated with protecting against the threat. In other words, don't consider overlapping costs between controls. Calculate the CBA for the planned risk control approach in each threat category. For each threat category, determine whether the proposed control is worth the costs.

Explanation / Answer
Programmer mistake - ARO = 12 * 3 = 36
ALE = 36 * 5000 = 1,80,000
Cost of control 20000
CBA = 1,80,000 - 20000 = 1,60,000 (It is worth it)
Loss of intellectual property - ARO = 0.5
ALE = 0.5 * 25000 = 12,500
Cost of control 20000
CBA = 12500 - 20000 = -7500 (It is not worth it)
Software piracy - ARO = 12 * 0.5 = 6
ALE = 6 * 500 = 3000
Cost of control 9000
CBA = 3000 - 9000 = -6000 (It is not worth it)
Theft of information - ARO = 4
ALE = 4 * 1500 = 6000
Cost of control 20000
CBA = 6000 - 20000 = -12000 (It is not worth it)
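
An added example, not part of the original question or answer: it parses the table's frequency strings into ARO, computes ALE as cost per incident times ARO, and applies the cost-benefit formula commonly given alongside ARO and ALE, CBA = ALE(prior) - ALE(post) - annual cost of control. The Exercise 3 figures are not on this page, so the pre-control ALE values are constructed placeholders, and all function names are hypothetical.

```python
import re
from fractions import Fraction

PERIODS_PER_YEAR = {"day": 365, "week": 52, "month": 12, "year": 1}

def aro_from_frequency(text):
    """Turn '<count> per [<n>] <unit>' into an annualized rate of occurrence."""
    m = re.fullmatch(r"\s*(\d+)\s+per\s+(?:(\d+)\s+)?([a-z]+?)s?\s*", text.lower())
    if not m or m.group(3) not in PERIODS_PER_YEAR:
        raise ValueError(f"unrecognized frequency: {text!r}")
    count, span = int(m.group(1)), int(m.group(2) or 1)
    if span == 0:
        raise ValueError(f"zero-length period: {text!r}")
    return Fraction(count * PERIODS_PER_YEAR[m.group(3)], span)

def ale(cost_per_incident, frequency):
    """Annualized loss expectancy = cost per incident x ARO."""
    return cost_per_incident * aro_from_frequency(frequency)

def cba(ale_prior, ale_post, annual_cost_of_control):
    """Positive result: the control saves more per year than it costs."""
    return ale_prior - ale_post - annual_cost_of_control

# Post-control rows from the question's table:
# threat -> (cost per incident, frequency of occurrence, cost of control)
POST_CONTROL = {
    "Programmer mistakes": (5000, "3 per month", 20000),
    "Loss of intellectual property": (25000, "1 per 2 years", 20000),
    "Software piracy": (500, "1 per 2 months", 9000),
    "Theft of information (hacker)": (1500, "2 per 6 months", 20000),
}

# Constructed pre-control ALE values (placeholders, NOT the Exercise 3 data).
SAMPLE_PRIOR_ALE = {
    "Programmer mistakes": 250000,
    "Loss of intellectual property": 50000,
    "Software piracy": 10000,
    "Theft of information (hacker)": 30000,
}

def report(prior_ale):
    """Return threat -> (post-control ARO, post-control ALE, CBA)."""
    rows = {}
    for threat, (sle, freq, acs) in POST_CONTROL.items():
        post = ale(sle, freq)
        rows[threat] = (aro_from_frequency(freq), post, cba(prior_ale[threat], post, acs))
    return rows

if __name__ == "__main__":
    for threat, (aro, post_ale, benefit) in report(SAMPLE_PRIOR_ALE).items():
        print(f"{threat}: ARO={float(aro):g} ALE=${float(post_ale):,.0f} CBA=${float(benefit):,.0f}")
```

Replacing SAMPLE_PRIOR_ALE with the real Exercise 3 results gives the CBA for each row; the ARO and ALE columns depend only on the table above.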