Assume a year has passed and XYZ has improved its security. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed.
XYZ Software Company (Asset Value: $1,200,000)

| Threat Category | Cost per Incident | Frequency of Occurrence | Cost of Controls | Type of Control |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per month | $20,000 | Training |
| Loss of intellectual property | $75,000 | 1 per 2 years | $15,000 | Firewall/IDS |
| Software piracy | $500 | 1 per month | $30,000 | Firewall/IDS |
| Theft of information (hacker) | $2,500 | 1 per 6 months | $15,000 | Firewall/IDS |
| Threat of information (employees) | $5,00 | 1 per year | $15,000 | Physical security |
| Web defacement | $500 | 1 per quarter | $10,000 | Firewall |
| Theft of equipment | $5,000 | 1 per 2 years | $15,000 | Physical security |
| Viruses, worms, Trojan horses | $1,500 | 1 per month | $15,000 | Antivirus |
| Denial-of-service attack | $2,500 | 1 per 6 months | $10,000 | Firewall |
| Earthquake | $250,000 | 1 per 20 years | $5,000 | Insurance/backups |
| Flood | $50,000 | 1 per 10 years | $10,000 | Insurance/backups |
| Fire | $100,000 | 1 per 10 years | $10,000 | Insurance/backups |
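The calculation the exercise asks for, sketched as an added example that is not part of the original question or its posted solution. It assumes the standard definitions (SLE is the cost per incident, ARO is the frequency normalized to one year, ALE = SLE x ARO); the function names are hypothetical, and the rows are copied from the table, one per frequency form it uses.

```python
import re
from fractions import Fraction

# Periods per year for the units in the "Frequency of Occurrence" column.
PER_YEAR = {"month": 12, "quarter": 4, "year": 1}

def parse_aro(freq):
    """'1 per 6 months' -> Fraction(2): occurrences normalized to one year."""
    m = re.fullmatch(r"(\d+) per (?:(\d+) )?(month|quarter|year)s?", freq.strip())
    span = int(m.group(2) or 1) if m else 0
    if span == 0:
        raise ValueError(f"unrecognized frequency: {freq!r}")
    return Fraction(int(m.group(1)) * PER_YEAR[m.group(3)], span)

def parse_money(text):
    """'$75,000' -> 75000. Strict thousands grouping, so '$5,00' is rejected."""
    if not re.fullmatch(r"\$\d{1,3}(?:,\d{3})*", text.strip()):
        raise ValueError(f"malformed amount: {text!r}")
    return int(text.strip()[1:].replace(",", ""))

def analyze(rows):
    """Return ({threat: (SLE, ARO, ALE)}, {threat: error}) for table rows."""
    results, rejected = {}, {}
    for threat, cost, freq in rows:
        try:
            sle, aro = parse_money(cost), parse_aro(freq)
        except ValueError as exc:
            rejected[threat] = str(exc)  # surface bad cells instead of guessing
            continue
        results[threat] = (sle, aro, sle * aro)  # ALE = SLE x ARO
    return results, rejected

# Rows copied from the table above (threat, cost per incident, frequency).
ROWS = [
    ("Programmer mistakes", "$5,000", "1 per month"),
    ("Loss of intellectual property", "$75,000", "1 per 2 years"),
    ("Theft of information (hacker)", "$2,500", "1 per 6 months"),
    ("Threat of information (employees)", "$5,00", "1 per year"),
    ("Web defacement", "$500", "1 per quarter"),
    ("Earthquake", "$250,000", "1 per 20 years"),
]

if __name__ == "__main__":
    results, rejected = analyze(ROWS)
    for threat, (sle, aro, ale) in results.items():
        print(f"{threat:36} SLE ${sle:>9,}  ARO {float(aro):>5.2f}  ALE ${float(ale):>10,.2f}")
    for threat, err in rejected.items():
        print(f"{threat:36} skipped: {err}")
```

The row whose amount is printed as "$5,00" is reported as skipped rather than silently read as a different figure; confirm the intended value before including it in the totals.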