Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
expand_more
expand_more
format_list_bulleted
Question
Chapter 7, Problem 4E
Program Plan Intro
Single loss expectancy:
- The expected monetary loss every time a risk occurs is called the Single Loss Expectancy.
- The Single Loss Expectancy (SLE), Exposure Factor (EF) and Asset Value (AV) are related by the formula:
- SLE = EF * AV
- Introducing this conceptual breakdown of Single Loss Expectancy into Exposure Factor and Asset Value allows us to adjust the two terms independently and is related to risk management and risk assessment.
- Asset Value may vary with market changes, inflation while Exposure Factor can be reduced by enabling preventive measures.
Annualized loss expectancy:
- The product of the single loss expectancy (SLE) and the annual rate of occurrence (ARO) give annualized loss expectancy (ALE).
- It is mathematically expressed as:
- ALE = SLE * ARO
- The important feature of Annualized Loss Expectancy is that it can be used directly in a cost- benefit analysis.
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
Instructions: Each student shall provide his own answers to the following questions. Similarity in the
students' answers will be classified as CHEATING cases.
The Operations Security Process consists of the following steps:
Step 1: Identification of Critical Information
Step 2: Analysis of Threats
Step 3: Analysis of Vulnerabilities
Step 4: Assessment of Risks
Step 5: Application of Countermeasures
If you were the information security manager of University of Hafr AIBatin, and you were asked to apply
the five steps of Operations Security Process to the university. Explain how should you apply these steps
and what are your expected outcomes for each step?
List the top 5 security architectural and design risks at the moment.
Then:
a) Explain each risk.
How do you decide which vulnerabilities are most critical?
Chapter 7 Solutions
Management Of Information Security
Ch. 7 - Prob. 1RQCh. 7 - Prob. 2RQCh. 7 - Prob. 3RQCh. 7 - Prob. 4RQCh. 7 - Prob. 5RQCh. 7 - Prob. 6RQCh. 7 - Prob. 7RQCh. 7 - Prob. 8RQCh. 7 - Prob. 9RQCh. 7 - Prob. 10RQ
Ch. 7 - Prob. 11RQCh. 7 - Prob. 12RQCh. 7 - Prob. 13RQCh. 7 - Prob. 14RQCh. 7 - Prob. 15RQCh. 7 - Prob. 16RQCh. 7 - Prob. 17RQCh. 7 - Prob. 18RQCh. 7 - Prob. 19RQCh. 7 - Prob. 20RQCh. 7 - Prob. 1ECh. 7 - Prob. 2ECh. 7 - Prob. 3ECh. 7 - Prob. 4ECh. 7 - Prob. 5ECh. 7 - Prob. 6ECh. 7 - Prob. 7ECh. 7 - Prob. 1DQCh. 7 - Prob. 2DQCh. 7 - Prob. 1EDM
Knowledge Booster
Similar questions
- Assume a year has passed and XYZ has improved its security. Using the following table, calculate the SLE, ARO, and ALE for each threat category listed. YXZ Software Company (Asset Value: $1,200,000 Threat Category Cost per Incident Frequency of Occurrence Cost of Controls Type of Control Programmer mistakes $5,000 1 per month $20,000 Training Loss of intellectual property $75,000 1 per 2 years $15,000 Firewall/IDS Software piracy $500 1 per month $30,000 Firewall/IDS Theft of information (hacker) $2,500 1 per 6 months $15,000 Firewall/IDS Threat of information (employees) $5,00 1 per year $15,000 Physical security Web defacement $500 1 per quarter $10,000 Firewall Theft of equipment $5,000 1 per 2 years $15,000 Physical security Viruses, worms, Trojan horses $1,500 1 per month $15,000 Antivirus Denial-of-service attack $2,500 1 per 6 months $10,000 Firewall…arrow_forwardA company interacts with the customers and is highly based on customer data. It has a weak policy which lets it update it's software only once every two years. Due to this policy a hacker could interact with the software and if there's a critical security issue, it wouldn't be addressed and patched until its updated. The long period between the software updates is a threat. Describe in details what are some policy solutions to overcome this vulnerability. (Please make sure they are specifically policy related, Thank you).( Do fast i have 1 hourarrow_forwardWhat do you think is the best tool or method for finding vulnerabilities? Why?arrow_forward
- There are two graphs presented from the CERT on reported incidents and vulnerabilities. Keep in mind the difference between an incident and vulnerability. While these charts are dated they still provide valuable trend information that continues to rise. Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. What reasons can you provide for the continuing upwards trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information. Explain using facts, reasoned arguments and references that go beyond anecdotal information and link sources.arrow_forwardThere are two graphs presented from the CERT on reported incidents and vulnerabilities. Keep in mind the difference between an incident and vulnerability. While these charts are dated they still provide valuable trend information that continues to rise. Today, both security incidents and security vulnerabilities continue to rise for a variety of reasons. What reasons can you provide for the continuing upwards trend in the number of incidents reported? You should provide at least four (4) reasons with supporting data and reasoned arguments to support your answer. Good answers will provide facts, reasoned arguments and references that go beyond anecdotal information. Explain using facts, reasoned arguments and references that go beyond anecdotal information and link to sources. PLEASE ADD YOUR SOURCES! Please have clear writing as well! Thank you!arrow_forwardIn this section, you will prepare a risk mitigation plan using SimpleRisk. Before using SimpleRisk, you will create a paper-based plan. You will need to create three security controls in your risk mitigation plan: one control that reduces the asset value, one that reduces the vulnerability severity, and one that reduces the threat impact. Your security controls should also include examples of both strategic and tactical controls. You can refer to the following table for a clearer picture of the requirements. Security Control Reduces Level (strategic/tactical) Asset value Vulnerability severity Threat Impact Define three security controls designed to mitigate the risk associated with a recent leak of sensitive information that was stored in cleartext files. Once you have identified your security controls, use SimpleRisk to create a Risk Mitigation plan. You do not need to perform a management review in this section.arrow_forward
- Q1: Enlist and discuss all the factors affecting infiltration rate.arrow_forwardWhich of the following is true regarding vulnerability appraisal? a. Vulnerability appraisal is always the easiest and quickest step. b. Every asset must be viewed in light of each threat. c. Each threat could reveal multiple vulnerabilities. d. Each vulnerability should be cataloged.arrow_forwardThe Operations Security Process consists of the following steps: Step 1: Identification of Critical InformationStep 2: Analysis of ThreatsStep 3: Analysis of VulnerabilitiesStep 4: Assessment of RisksStep 5: Application of Countermeasures If you were the information security manager of university and you were asked to applythe five steps of Operations Security Process to the university. Explain how should you apply these stepsand what are your expected outcomes for each step?arrow_forward
- research traditional to more conventional recommended models for security. no similarity no minimum word countarrow_forwardNo written by hand solution For each of the following scenarios, determine the asset involved, the vulnerability that exists for that asset, and a possible attack with risk level. 1- An online bookstore allows users to sign up using a username and password to create a profile containing their name, address, and Civil ID. The password is stored in a database in unencrypted form. Asset: Vulnerability: Attack: Risk: 2- An Internet Service Provider (ISP) provides its customers with access to the Internet. The ISP has a single main router where all traffic must pass through. If this router would fail, all access to the Internet would be denied. Asset: Vulnerability: Attack: Risk:arrow_forwardA list of procedures and utilities that will determine how vulnerable the areas identified in “b)” are (= the vulnerability assessment)arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,