Principles of Information Security (MindTap Course List)
6th Edition
ISBN: 9781337102063
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
Question
Chapter 5, Problem 4E
Program Plan Intro
Single loss expectancy:
Single loss expectancy is the value associated with the loss incurred from an attack. It is calculated using the value of the asset and the exposure factor resulting from a particular attack.
Single loss expectancy is calculated by using the following formula:
Here, the term
Frequency of occurrence:
Frequency of occurrence is how often the attack takes place.
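The two definitions above feed the usual annualized calculation: SLE is asset value times exposure factor, and the standard annualized loss expectancy (ALE) is SLE times the annualized rate of occurrence (ARO). The following is an added example, not taken from the textbook or from this page's solution; the function names and the sample rows are constructed for illustration, and frequencies are assumed to be phrased like "1 per 6 months".

```python
import re
from fractions import Fraction

# Periods per year for the units that appear in frequency phrases.
PERIODS_PER_YEAR = {"month": 12, "quarter": 4, "year": 1}

_FREQ = re.compile(
    r"^\s*(\d+)\s+per\s+(?:(\d+)\s+)?(month|quarter|year)s?\s*$", re.I)

def aro(frequency: str) -> Fraction:
    """Annualized rate of occurrence from a phrase such as '1 per 6 months'."""
    m = _FREQ.match(frequency)
    if not m:
        raise ValueError(f"unrecognized frequency: {frequency!r}")
    count, span = int(m.group(1)), int(m.group(2) or 1)
    if span == 0:
        raise ValueError("period length must be positive")
    return Fraction(count * PERIODS_PER_YEAR[m.group(3).lower()], span)

def sle(asset_value: str, exposure_factor: str) -> Fraction:
    """Single loss expectancy = asset value x exposure factor (0..1)."""
    ef = Fraction(exposure_factor)
    if not 0 <= ef <= 1:
        raise ValueError("exposure factor must be between 0 and 1")
    return Fraction(asset_value) * ef

def ale(asset_value: str, exposure_factor: str, frequency: str) -> Fraction:
    """Annualized loss expectancy = SLE x ARO."""
    return sle(asset_value, exposure_factor) * aro(frequency)

# Constructed sample rows: (asset, asset value, exposure factor, frequency).
SAMPLE = [
    ("customer database", "200000", "0.25", "1 per 2 years"),
    ("web server", "40000", "0.05", "1 per quarter"),
    ("laptop fleet", "60000", "0.10", "1 per month"),
]

def ranked(rows):
    """Return (asset, SLE, ARO, ALE) tuples, highest ALE first."""
    out = [(n, sle(av, ef), aro(f), ale(av, ef, f)) for n, av, ef, f in rows]
    return sorted(out, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for name, s, a, l in ranked(SAMPLE):
        print(f"{name:<18} SLE=${float(s):>10,.2f} "
              f"ARO={float(a):>5.2f} ALE=${float(l):>10,.2f}")
```

Exact fractions are used so that rates such as "1 per 2 years" and decimal exposure factors do not pick up floating-point error before the results are ranked.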
Students have asked these similar questions
How might XYZ Software Company arrive at the values in the table shown in Exercise 3? For each entry, describe the process of determining the cost per incident and frequency of occurrence.
Assume a year has passed and XYZ has improved its security. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed.
XYZ Software Company (Asset Value: $1,200,000)

| Threat Category | Cost per Incident | Frequency of Occurrence | Cost of Controls | Type of Control |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per month | $20,000 | Training |
| Loss of intellectual property | $75,000 | 1 per 2 years | $15,000 | Firewall/IDS |
| Software piracy | $500 | 1 per month | $30,000 | Firewall/IDS |
| Theft of information (hacker) | $2,500 | 1 per 6 months | $15,000 | Firewall/IDS |
| Threat of information (employees) | $5,00 | 1 per year | $15,000 | Physical security |
| Web defacement | $500 | 1 per quarter | $10,000 | Firewall |
| Theft of equipment | $5,000 | 1 per 2 years | $15,000 | Physical security |
| Viruses, worms, Trojan horses | $1,500 | 1 per month | $15,000 | Antivirus |
| Denial-of-service attack | $2,500 | 1 per 6 months | $10,000 | Firewall… |
Provide a short description of each of the five methods used to mitigate risk.