Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
expand_more
expand_more
format_list_bulleted
Question
Chapter 7, Problem 6E
Program Plan Intro
Single loss expectancy:
- The expected monetary loss every time a risk occurs is called the Single Loss Expectancy.
- The Single Loss Expectancy (SLE), Exposure Factor (EF) and Asset Value (AV) are related by the formula:
- SLE = EF * AV
- Introducing this conceptual breakdown of Single Loss Expectancy into Exposure Factor and Asset Value allows us to adjust the two terms independently and is related to risk management and risk assessment.
- Asset Value may vary with market changes, inflation while Exposure Factor can be reduced by enabling preventive measures.
Annualized loss expectancy:
- The product of the single loss expectancy (SLE) and the annual rate of occurrence (ARO) give annualized loss expectancy (ALE).
- It is mathematically expressed as:
- ALE = SLE * ARO
- The important feature of Annualized Loss Expectancy is that it can be used directly in a cost- benefit analysis.
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
Give a brief description of each of the five risk-control strategies.
Write at least 4 examples of how you arrive at the risk rating for a given threat by asking questions to quantify the DREAD categories?
In this section, you will prepare a risk mitigation plan using SimpleRisk. Before using SimpleRisk, you
will create a paper-based plan.
You will need to create three security controls in your risk mitigation plan: one control that reduces the
asset value, one that reduces the vulnerability severity, and one that reduces the threat impact. Your
security controls should also include examples of both strategic and tactical controls. You can refer to
the following table for a clearer picture of the requirements.
Security Control
Reduces
Level (strategic/tactical)
Asset value
Vulnerability severity
Threat Impact
Define three security controls designed to mitigate the risk associated with a recent leak of sensitive
information that was stored in cleartext files.
Once you have identified your security controls, use SimpleRisk to create a Risk Mitigation plan. You
do not need to perform a management review in this section.
Chapter 7 Solutions
Management Of Information Security
Ch. 7 - Prob. 1RQCh. 7 - Prob. 2RQCh. 7 - Prob. 3RQCh. 7 - Prob. 4RQCh. 7 - Prob. 5RQCh. 7 - Prob. 6RQCh. 7 - Prob. 7RQCh. 7 - Prob. 8RQCh. 7 - Prob. 9RQCh. 7 - Prob. 10RQ
Ch. 7 - Prob. 11RQCh. 7 - Prob. 12RQCh. 7 - Prob. 13RQCh. 7 - Prob. 14RQCh. 7 - Prob. 15RQCh. 7 - Prob. 16RQCh. 7 - Prob. 17RQCh. 7 - Prob. 18RQCh. 7 - Prob. 19RQCh. 7 - Prob. 20RQCh. 7 - Prob. 1ECh. 7 - Prob. 2ECh. 7 - Prob. 3ECh. 7 - Prob. 4ECh. 7 - Prob. 5ECh. 7 - Prob. 6ECh. 7 - Prob. 7ECh. 7 - Prob. 1DQCh. 7 - Prob. 2DQCh. 7 - Prob. 1EDM
Knowledge Booster
Similar questions
- 1. For each of the resources in the network diagram above, specify one possible risk. Also, use a ranking system of 1 to 5, where “5” is the most critical for the likelihood of occurrence and degree of impact. Based on any tool or formula you would like to implement, list and prioritize the risks to start with.arrow_forwardWhich five risk-control strategies should be mentioned and quickly explained?arrow_forwardCreate a threat diagram that has at at least three items that are wrong with it. Identify all the items that are wrong with it, and explain what each symbol means.arrow_forward
- A recommended approach is that the people assigned to implement a risk management program should begin by studying the models presented earlier in this chapter and identifying what each offers to the envisioned process. Once the organization understands what each risk management model offers, it can adapt one that is a good fit for the specific needs at hand. Which risk control strategy would you consider the most effective and why? When should the strategy be used and why should it not be used for all risks?arrow_forwardAfter reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?arrow_forwardThe five risk-control strategies are listed and briefly described below.arrow_forward
- Describe how the nett present value relates to the risk involved. Utilize mathematical models to back up your assertions over a wide range of scenarios with varied degrees of danger.arrow_forwardPlace the capital letter of the control goal that best matches the situation described. Provide a one- or two-sentence explanation of how the situation relates to the control goal you selected. If you select more than one control goal for a situation, provide an explanation for each that you select. Hint: Some letters may be used more than once. Conversely, some letters may not apply at all. Control Goals Ensure effectiveness of operations Ensure efficient employment of resources Ensure security of resources Ensure input validity Ensure input completeness Ensure input accuracy Ensure update completeness Ensure update accuracy Situations An accounts payable clerk at C&C Company enters vendor invoices into the computer. When the invoices for a particular day were entered, the computer noted that vendor invoice 12345 appeared twice. The computer rejected the second entry (i.e., the duplicate, the invoice with the same number). In entering the invoices mentioned in situation 1, the…arrow_forwardThe output of Risk decomposition is: Select one: a. Risk description b. Root cause analysis c. Dependibility requirements d. Risk assessmentarrow_forward
- Have you experienced scope creep in your development of a Risk Management Plan (or other policy)? If so, how did you handle it? If not, what actions would you have taken to control scope creep? (Remember, if you have not personally experienced this situation, please research a company or individual who has dealt with scope creep and provide a brief overview of their situation. Be sure to copy/paste the link from which you retrieved the information)arrow_forwardCan you distinguish between inherent and control risk?arrow_forwardSenior management at Health Network allocated funds to support a risk mitigation plan, and have requested that the risk manager and team create a plan in response to the deliverables produced within the earlier phases of the project. The risk mitigation plan should address the identified threats described in the scenario for this project, as well as any new threats that may have been discovered during the risk assessment. You have been assigned to develop this new plan.arrow_forward
arrow_back_ios
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning