Question

Why have some values changed in the Cost per Incident and Frequency of Occurrence columns? How could a control affect one but not the other? Assume that the values in the Cost of Control column are unique costs directly associated with protecting against the threat. In other words, don’t consider overlapping costs between controls. Calculate the CBA for the planned risk control approach in each threat category. For each threat category, determine whether the proposed control is worth the costs.

| Threat Category | SLE | Frequency of occurrence | Cost of Control | Type of Control |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per week | $20,000 | Training |
| Loss of intellectual property | $75,000 | 1 per year | $15,000 | Firewall/IDS |
| Software piracy | $500 | 1 per week | $30,000 | Firewall/IDS |
| Theft of information (hacker) | $2,500 | 1 per quarter | $15,000 | Firewall/IDS |
| Theft of information (employee) | $5,000 | 1 per 6 months | $15,000 | Physical security |
| Web defacement | $500 | 1 per month | $10,000 | Firewall |
| Theft of equipment | $5,000 | 1 per year | $15,000 | Physical security |
| Viruses, worms, Trojan horses | $1,500 | 1 per week | $15,000 | Antivirus |
| Denial-of-service attack | $2,500 | 1 per quarter | $10,000 | Insurance/backups |
| Earthquake | $250,000 | 1 per 20 years | $5,000 | Insurance/backups |
| Flood | $250,000 | 1 per 10 years | $10,000 | Insurance/backups |

Solutions

Expert Solution

The values in the Cost per Incident and Frequency of Occurrence columns have changed because controls have been put in place; this minimizes the risk and will prevent occurrence.

A control could affect one factor and not the other, as some controls can only reduce the frequency and not the cost. Let’s consider Software Piracy. After putting a firewall/IDS in place, it can surely reduce the frequency of attacks, but if an attack occurs, the firewall cannot reduce the cost per incident.

CBA = ALE (prior) – ALE (post) – ACS (annualized cost of the safeguard)
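The formula above applied to the table, as an added example that is not part of the original answer: the pre-control ALE values are not given on this page, so the code computes the post-control ALE for each threat and the break-even ALE (prior) above which the control pays for itself. It assumes 52 weeks per year and that Cost of Control is already an annual figure (ACS); all function names are illustrative.

```python
import re
from fractions import Fraction

# Post-control rows from the table: (SLE $, frequency, cost of control $)
POST_CONTROL = {
    "Programmer mistakes": (5000, "1 per week", 20000),
    "Loss of intellectual property": (75000, "1 per year", 15000),
    "Software piracy": (500, "1 per week", 30000),
    "Theft of information (hacker)": (2500, "1 per quarter", 15000),
    "Theft of information (employee)": (5000, "1 per 6 months", 15000),
    "Web defacement": (500, "1 per month", 10000),
    "Theft of equipment": (5000, "1 per year", 15000),
    "Viruses, worms, Trojan horses": (1500, "1 per week", 15000),
    "Denial-of-service attack": (2500, "1 per quarter", 10000),
    "Earthquake": (250000, "1 per 20 years", 5000),
    "Flood": (250000, "1 per 10 years", 10000),
}
# Assumption: 52 weeks, 12 months, 4 quarters per year
PERIODS_PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "year": 1}

def aro(freq):
    """Turn text such as '1 per 6 months' into an annualized rate of occurrence."""
    m = re.fullmatch(r"(\d+) per (?:(\d+) )?(week|month|quarter|year)s?", freq)
    if not m:
        raise ValueError(f"unrecognized frequency: {freq!r}")
    count, span, unit = int(m[1]), int(m[2] or 1), m[3]
    return Fraction(count * PERIODS_PER_YEAR[unit], span)

def ale_post(threat):
    """ALE (post) = SLE x ARO, using the post-control table values."""
    sle, freq, _ = POST_CONTROL[threat]
    return float(sle * aro(freq))

def cba(threat, ale_prior):
    """CBA = ALE (prior) - ALE (post) - ACS; ale_prior is supplied by the caller."""
    return ale_prior - ale_post(threat) - POST_CONTROL[threat][2]

def break_even_prior_ale(threat):
    """Smallest ALE (prior) at which CBA reaches zero; above it the control is worth it."""
    return ale_post(threat) + POST_CONTROL[threat][2]

if __name__ == "__main__":
    for name in POST_CONTROL:
        print(f"{name:34} ALE(post) ${ale_post(name):>10,.0f}   "
              f"break-even ALE(prior) ${break_even_prior_ale(name):>10,.0f}")
```

A positive `cba()` result means the control is worth its cost; a negative one means it costs more than the loss it prevents.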

