menu
bartleby
search
close search
Hit Return to see all results
Subscribe
Sign in
Engineering
Computer ScienceManagement Of Information Security6th Edition
close solutoin list

How could we determine EF if there is no percentage given? Which method is easier for determining the SLE: a percentage of value lost or cost per incident?

BuyFindarrow_forward

Management Of Information Security

6th Edition
WHITMAN + 1 other
Publisher: Cengage Learning,
ISBN: 9781337405713

Solutions

Chapter
Section
Problem 1RQ
Problem 2RQ
Problem 3RQ
Problem 4RQ
Problem 5RQ
Problem 6RQ
Problem 7RQ
Problem 8RQ
Problem 9RQ
Problem 10RQ
Problem 11RQ
Problem 12RQ
Problem 13RQ
Problem 14RQ
Problem 15RQ
Problem 16RQ
Problem 17RQ
Problem 18RQ
Problem 19RQ
Problem 20RQ
Problem 1E
Problem 2E
Problem 3E
Problem 4E
Problem 5E
Problem 6E
Problem 7E
Problem 1DQ
Problem 2DQ
Problem 1EDM
BuyFindarrow_forward

Management Of Information Security

6th Edition
WHITMAN + 1 other
Publisher: Cengage Learning,
ISBN: 9781337405713
Chapter 7, Problem 3E
Textbook Problem
1041 views

How could we determine EF if there is no percentage given? Which method is easier for determining the SLE: a percentage of value lost or cost per incident?

Program Plan Intro

Single loss expectancy:

  • The expected monetary loss every time a risk occurs is called the Single Loss Expectancy.
  • The Single Loss Expectancy (SLE), Exposure Factor (EF) and Asset Value (AV) are related by the formula:
    • SLE = EF * AV
  • Introducing this conceptual breakdown of Single Loss Expectancy into Exposure Factor and Asset Value allows us to adjust the two terms independently and is related to risk management and risk assessment.
  • Asset Value may vary with market changes, inflation while Exposure Factor can be reduced by enabling preventive measures.

Annualized loss expectancy:

  • The product of the single loss expectancy (SLE) and the annual rate of occurrence (ARO) give annualized loss expectancy (ALE).
  • It is mathematically expressed as:
    • ALE = SLE * ARO
  • The important feature of Annualized Loss Expectancy is that it can be used directly in a cost- benefit analysis.

Explanation of Solution

Determination of Exposure factor (EF):

  • The exposure factor denotes a loss percentage for a specific asset if a threat is recognized.
  • It denotes a personal value that person measuring risk need to define.
  • It is represented as impact of risk over asset or asset percentage lost.
  • To determine EF when percentage is not given, asset value is to be compared.
  • The asset value that is to be lost is to be computed.
  • Based on asset value lost, exposure factor could be computed.
  • If asset is been entirely lost, exposure factor will be 1...

Still sussing out bartleby?

Check out a sample textbook solution.

See a sample solution
arrow_back
Chapter 7,
Problem 2E
Chapter 7,
Problem 4E
arrow_forward

The Solution to Your Study Problems

Bartleby provides explanations to thousands of textbook problems written by our experts, many with advanced degrees!

Get Started

Chapter 7 Solutions

Management Of Information Security
Show all chapter solutions
add
Ch. 7 - What is competitive advantage? How has it changed...Ch. 7 - What is competitive disadvantage? Why has it...Ch. 7 - What are the five risk treatment strategies...Ch. 7 - Describe the strategy of defense.Ch. 7 - Describe the strategy of transference.Ch. 7 - Describe the strategy of mitigation.Ch. 7 - Describe the strategy of acceptance.Ch. 7 - Describe the strategy of termination.Ch. 7 - Describe residual risk.Ch. 7 - What are the three common approaches to implement...
Ch. 7 - Describe how outsourcing can be used for risk...Ch. 7 - What conditions must be met to ensure that risk...Ch. 7 - What is risk appetite? Explain why risk appetite...Ch. 7 - What is a cost-benefit analysis?Ch. 7 - What is the difference between intrinsic value and...Ch. 7 - What is single loss expectancy? What is annualized...Ch. 7 - What is the difference between benchmarking and...Ch. 7 - What is the difference between organizational...Ch. 7 - What is a qualitative risk assessment?Ch. 7 - How does Microsoft define risk management ? What...Ch. 7 - Using the following table, calculate the SLE, ARO,...Ch. 7 - How did the XYZ Software Company arrive at the...Ch. 7 - How could we determine EF if there is no...Ch. 7 - Assume a year has passed and XYZ has improved its...Ch. 7 - Why have some values changed in the following...Ch. 7 - Assume that the costs of controls presented in the...Ch. 7 - Using the Web, research the costs associated with...Ch. 7 - If you could have spoken to Mike Edwards before he...Ch. 7 - How would you advise Mike and Iris to proceed with...Ch. 7 - Suppose Mike and Iris make a decision to simply...

Additional Engineering Textbook Solutions

Find more solutions based on key concepts
Show solutions add
A(n) ___________ database provides a means to store and retrieve data that is modeled using Some means other th...

Fundamentals of Information Systems

Using Figure P2.4 as your guide, work Problems 45. The DealCo relational diagram shows the initial entities and...

Database Systems: Design, Implementation, & Management

how is Campbellā€™s making use of crowdsourcing? Do you think these initiatives will help the company appeal to y...

Fundamentals of Information Systems

What decisions might management reach the end of the systems analysis phase, and what would be the next step in...

Systems Analysis and Design (Shelly Cashman Series) (MindTap Course List)

What is the difference between an object and a class in the object-oriented data model (OODM)?

Database Systems: Design, Implementation, & Management

How many reservations have a trip price that is greater than 15.00 and less than 40.00?

A Guide to SQL

The individual application modules included in an ERP system are designed to support ______________, the most e...

Principles of Information Systems (MindTap Course List)

Brief Exercise 3-34 Preparing a Retained Earnings Statement Refer to the information presented in Brief Exercis...

Cornerstones of Financial Accounting

What is considered the most serious threat within the realm of physical security? Why is it valid to consider t...

Principles of Information Security (MindTap Course List)

The standard taper in most lathe tailstocks is the _______ taper.

Precision Machining Technology (MindTap Course List)

At a point on the web of a girder on an overhead bridge crane in a manufacturing facility, the stresses arc kno...

Mechanics of Materials (MindTap Course List)

What is a typical amperage rating for a residential building?

Engineering Fundamentals: An Introduction to Engineering (MindTap Course List)

A gas at T = 300 K and P = 1 bar is contained in a rigid, rectangular vessel that is 2 meters long, 1 meter wid...

Fundamentals of Chemical Engineering Thermodynamics (MindTap Course List)

Technician A says that in a conventional transmission, the speed gears freewheel around the mainshaft until the...

Automotive Technology: A Systems Approach (MindTap Course List)

Describe the role of a CIO within an organization.

Principles of Information Systems (MindTap Course List)

Repeat Problem 2.11 with the following data. 2.11 The grain-size characteristics of a soil are given in the fol...

Principles of Geotechnical Engineering (MindTap Course List)

The grain size distributions of two soils, A and B are shown in Figure 2.25. Find the percentages of gravels, s...

Fundamentals of Geotechnical Engineering (MindTap Course List)

Using the moisture contents (wet basis) of the waste components given in Table P2-14, calculate the overall moi...

Solid Waste Engineering

A tension member must be designed for a service dead load of 18 kips and a service live load of 2 kips. a. If l...

Steel Design (Activate Learning with these NEW titles from Engineering!)

What is meant by remote control?

Electric Motor Control

The arm ABCD of the industrial robot lies in a vertical plane that is inclined at 40 to the yz-plane. The arm C...

International Edition---engineering Mechanics: Statics, 4th Edition

The total load of a cord-connected room air conditioner shall not exceed what percentage of a separate branch c...

EBK ELECTRICAL WIRING RESIDENTIAL

Cloud Services Enterprise Software Apps Many companies make use of enterprise software apps to manage customer ...

Enhanced Discovering Computers 2017 (Shelly Cashman Series) (MindTap Course List)

For the beam of Problem 8.1, determine the maximum positive shear and bending moment at point B due to the seri...

Structural Analysis

Suppose you want to change the default port for RDP as a security precaution. What port does RDP use by default...

Network+ Guide to Networks (MindTap Course List)

Describe the common complaints caused by faulty shock absorbers.

Automotive Technology

If your motherboard supports ECC DDR3 memory, can you substitute non-ECC DDR3 memory?

A+ Guide to Hardware (Standalone Book) (MindTap Course List)

What is a mixing chamber? Where is it located?

Welding: Principles and Applications (MindTap Course List)

bartleby
Ā© bartleby 2020