Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
Question
Chapter 7, Problem 4E
Program Plan Intro
Single loss expectancy:
- The expected monetary loss every time a risk occurs is called the Single Loss Expectancy (SLE).
- The Single Loss Expectancy (SLE), Exposure Factor (EF) and Asset Value (AV) are related by the formula:
- SLE = EF * AV
- Breaking Single Loss Expectancy down into Exposure Factor and Asset Value lets the two terms be estimated and adjusted independently, which is what makes the measure useful in risk management and risk assessment.
- Asset Value may vary with market changes or inflation, while Exposure Factor can be reduced by putting preventive controls in place.
Annualized loss expectancy:
- The product of the single loss expectancy (SLE) and the annual rate of occurrence (ARO) gives the annualized loss expectancy (ALE).
- It is mathematically expressed as:
- ALE = SLE * ARO
- The important feature of Annualized Loss Expectancy is that it can be used directly in a cost-benefit analysis.
Students have asked these similar questions
Assume a year has passed and XYZ has improved its security. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed.
XYZ Software Company (Asset Value: $1,200,000)

| Threat Category | Cost per Incident | Frequency of Occurrence | Cost of Controls | Type of Control |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per month | $20,000 | Training |
| Loss of intellectual property | $75,000 | 1 per 2 years | $15,000 | Firewall/IDS |
| Software piracy | $500 | 1 per month | $30,000 | Firewall/IDS |
| Theft of information (hacker) | $2,500 | 1 per 6 months | $15,000 | Firewall/IDS |
| Theft of information (employees) | $5,00 | 1 per year | $15,000 | Physical security |
| Web defacement | $500 | 1 per quarter | $10,000 | Firewall |
| Theft of equipment | $5,000 | 1 per 2 years | $15,000 | Physical security |
| Viruses, worms, Trojan horses | $1,500 | 1 per month | $15,000 | Antivirus |
| Denial-of-service attack | $2,500 | 1 per 6 months | $10,000 | Firewall… |
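A worked example of the SLE and ALE formulas from the Program Plan Intro, run over the XYZ threat table above (added here; it is not the textbook's or the original solution's code). The asset value and the per-threat rows are taken from the table; the frequency parser, the field names, and the $500 used for the employee-theft row, whose cost the page shows as "$5,00", are assumptions.

```python
import re

# Constructed from the XYZ Software Company table above, one tuple per threat
# category: (name, cost per incident, frequency of occurrence, cost of controls).
# The page shows the employee-theft cost as "$5,00"; 500 is an assumption here.
ASSET_VALUE = 1_200_000
THREATS = [
    ("Programmer mistakes",              5_000, "1 per month",    20_000),
    ("Loss of intellectual property",   75_000, "1 per 2 years",  15_000),
    ("Software piracy",                    500, "1 per month",    30_000),
    ("Theft of information (hacker)",    2_500, "1 per 6 months", 15_000),
    ("Theft of information (employees)",   500, "1 per year",     15_000),  # assumed cost
    ("Web defacement",                     500, "1 per quarter",  10_000),
    ("Theft of equipment",               5_000, "1 per 2 years",  15_000),
    ("Viruses, worms, Trojan horses",    1_500, "1 per month",    15_000),
    ("Denial-of-service attack",         2_500, "1 per 6 months", 10_000),
]

PERIODS_PER_YEAR = {"year": 1, "quarter": 4, "month": 12, "week": 52, "day": 365}
FREQ_RE = re.compile(r"\s*(\d+)\s+per\s+(?:(\d+)\s+)?(year|quarter|month|week|day)s?\s*")

def aro_from_frequency(text: str) -> float:
    """Turn '1 per 6 months' or '1 per quarter' into an ARO (occurrences per year)."""
    m = FREQ_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised frequency: {text!r}")
    count, span, unit = int(m.group(1)), int(m.group(2) or 1), m.group(3)
    return count * PERIODS_PER_YEAR[unit] / span

def analyse(threats=THREATS, asset_value=ASSET_VALUE) -> list:
    """Apply SLE = EF * AV (rearranged for EF) and ALE = SLE * ARO to every row."""
    rows = []
    for name, cost, freq, controls in threats:
        sle = cost                  # the table already gives the loss per incident
        ef = sle / asset_value      # exposure factor implied by that loss
        aro = aro_from_frequency(freq)
        ale = sle * aro
        rows.append({"threat": name, "SLE": sle, "EF": round(ef, 6), "ARO": aro,
                     "ALE": ale, "controls": controls,
                     # first cost-benefit check: does the control cost more per
                     # year than the annualized loss it is meant to prevent?
                     "controls_exceed_ALE": controls > ale})
    return rows

def total_ale(rows) -> float:
    return sum(r["ALE"] for r in rows)

if __name__ == "__main__":
    rows = analyse()
    for r in rows:
        print(f"{r['threat']:<34} SLE ${r['SLE']:>7,} ARO {r['ARO']:>5} ALE ${r['ALE']:>10,.2f}")
    print(f"Total ALE: ${total_ale(rows):,.2f}")
```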
After reading examples in the book, provide an example of an asset that is important to you, a threat that could impact that asset and what is the likelihood that asset is vulnerable to that threat?
Which of the following is true regarding vulnerability appraisal?
a. Vulnerability appraisal is always the easiest and quickest step.
b. Every asset must be viewed in light of each threat.
c. Each threat could reveal multiple vulnerabilities.
d. Each vulnerability should be cataloged.
- Who is responsible for risk management in an organization? REFERENCES Main Textbook Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Nelson Education. Whitman, M. E., & Mattord, H. J. (2013). Management of information security. Nelson Education.
- List the top 5 security architectural and design risks at the moment. Then: a) Explain each risk.
- Execute a condensed risk management analysis on your computer. It is necessary to identify assets, analyse threats, assess vulnerabilities, evaluate risks, and take risk mitigation measures. Make a list of the parts that each category applies to in your system. What grave errors did you discover? How may these risks be diminished? What safety precautions have you taken with your own computer? Do you intend to follow through on the plan? Otherwise, why not?
- Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process? REFERENCES Main Textbook Whitman, M. E., & Mattord, H. J. (2012). Principles of information security. Nelson Education. Whitman, M. E., & Mattord, H. J. (2013). Management of information security. Nelson Education.
- Information asset A has a value score of 50 and has one vulnerability. Vulnerability 1 has a likelihood of 1.0 with no current controls, and you estimate the assumptions and data are 90% accurate. Calculate the risk assessment.
- Q1: Enlist and discuss all the factors affecting infiltration rate.
- There are two graphs presented from the CERT on reported incidents and vulnerabilities. Keep in mind the difference between an incident and a vulnerability. While these charts are dated, they still provide valuable trend information that continues to rise. Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. What reasons can you provide for the continuing upward trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information. Explain using facts, reasoned arguments and references that go beyond anecdotal information and link to sources. PLEASE ADD YOUR SOURCES! Please have clear writing as well! Thank you!
- Perform a quick risk management analysis on your computer. It is necessary to do asset identification, threat identification, vulnerability assessment, risk assessment, and risk mitigation. Make a list of the elements under each category that pertain to your system. What critical faults did you discover? How might these risks be minimised? What safety precautions have you put in place for your computer? Do you intend to implement the strategy? Why not, if not?
- You've just started a new job as an information security analyst at a medium-sized company, one with about 500 employees across its seven locations. In a conversation with your team chief, you learn that the company's approach to risk management and information security includes an annual review and update of its risk register. Which of the following might be worth asking your chief about? (Choose all that apply.)
- Classify each of the following situations into one of the main risk management approaches: risk acceptance, risk avoidance, risk mitigation, or risk transfer. For each situation, more than one strategy may apply. The situations are: a) Purchase loss-of-profit insurance; b) Initiated a company policy that no employees are allowed to remotely log onto the company's network; c) By company policy, user machines are not allowed to upload any software; d) The company installed three additional firewalls inside the corporate network.
- Use your computer to do a streamlined risk management analysis. It is necessary to do asset identification, threat analysis, vulnerability analysis, risk assessment, and risk reduction. Put up a list of the system parts that apply to each class. What were the most significant problems you found? How might we lessen these dangers? What kind of security measures have you taken to protect your computer? Do you plan to put the plan into action? If not, why not?