Match each description to its plan by writing the description's number in the appropriate blank. Some descriptions may apply to two or more plans.
Business continuity plan (BCP) 2, 9, and 10
Disaster recovery plan (DRP) 1, 3, and 4
Business impact analysis (BIA) 5 and 7
Incident response plan 8
1. May be part of a BCP or referred to in a BCP (DRP)
2. Covers all functions of a business, including IT systems, facilities, and personnel (BCP)
3. Includes critical business functions (CBFs) (DRP)
4. Details emergency response and activities (DRP)
5. Generally includes interviews, surveys, or meetings to assess environment (BIA)
6. Includes the five Ws—who, what, where, when, and why—and one…
In the past year, employees have lost or damaged 75 smartphones.
With this information, calculate the following:
SLE = $500
ARO = 75
ALE = $37,500
Richman is considering buying insurance for each smartphone. Use the ALE to determine the usefulness of this safeguard. For example, Richman could purchase insurance for each device for $25 per year. The safeguard value is $25 × 1,000 devices, or $25,000. It is estimated that if the insurance is purchased, the ARO will decrease to 5. Should the company purchase the insurance?
Determine the effectiveness of the safeguard:
Current ALE = $37,500
ARO with control = 5
ALE with control = $2,500
Savings with control = $35,000 (Current ALE - ALE with control)
Safeguard value (cost of control) = $25,000
Realized savings = $10,000 (Savings with control - safeguard value)
Should Richman buy the insurance? Explain your answer.
Clearly this is cost-effective. Instead of losing $37,500 a year, the organization spends $25,000 and loses only $2,500, for a realized savings of $10,000.
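The safeguard calculation above, as an added Python example that is not part of the original worksheet. It also goes one step beyond the worksheet by computing the break-even ARO with control, since the figure of 5 is only an estimate; the function and field names, and the residual AROs other than 5, are constructed for illustration.

```python
"""Quantitative safeguard evaluation: ALE = SLE x ARO."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SafeguardResult:
    current_ale: float
    ale_with_control: float
    savings_with_control: float
    realized_savings: float
    break_even_aro: float  # ARO with control at which realized savings hit zero


def ale(sle, aro):
    """Annualized loss expectancy for a single loss expectancy and yearly rate."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def evaluate_safeguard(sle, aro, aro_with_control, safeguard_cost):
    """Follow the worksheet's steps, then solve for the break-even ARO."""
    if sle <= 0:
        raise ValueError("SLE must be positive to compute a break-even ARO")
    current = ale(sle, aro)
    controlled = ale(sle, aro_with_control)
    savings = current - controlled
    # Realized savings = 0  <=>  SLE * (ARO - ARO with control) = safeguard cost
    break_even = aro - safeguard_cost / sle
    return SafeguardResult(current, controlled, savings,
                           savings - safeguard_cost, break_even)


def sensitivity(sle, aro, safeguard_cost, residual_aros):
    """Realized savings for each candidate ARO with control."""
    return {r: evaluate_safeguard(sle, aro, r, safeguard_cost).realized_savings
            for r in residual_aros}


# Figures from the worksheet: $500 SLE, ARO of 75, $25 x 1,000 devices.
SLE, ARO, COST = 500, 75, 25 * 1000

if __name__ == "__main__":
    print(evaluate_safeguard(SLE, ARO, 5, COST))
    # AROs with control other than 5 are constructed values for illustration.
    for residual, net in sensitivity(SLE, ARO, COST, [5, 15, 25, 35]).items():
        print(f"ARO with control = {residual:>2}: realized savings = ${net:,}")
```

With the worksheet's figures, the insurance stops paying for itself once the ARO with control rises above 25.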
Qualitative Risk Assessment
Probability: The likelihood that a threat will exploit a vulnerability. Probability can use a scale of low, medium, and high, assigning percentage values to each.
Impact: The negative result if a risk occurs. You can use low, medium, or high to describe the impact.
You can calculate the risk level using the following formula:
Risk Level =