Question

Figure 2-14: Classic Risk Analysis Calculation Asset Value (AV) Exposure Factor (EF) Single Loss Expectancy (SLE) = AV*EF Annualized Rate of Occurrence (ARO) Annualized Loss Expectancy (ALE) = SLE*ARO ALE Reduction for Countermeasure Annualized Countermeasure Cost Annualized Net Countermeasure Value Base Case $100,000 80% $80,000 50% $40,000 NA Countermeasure A B $100,000 $100,000 20% 80% $20,000 $80,000 50% 25% $10,000 $20,000 $30,000 $20,000 $17,000 $4,000 $13,000 $16,000 NA NA

Can anyone please breakdown the calculations done for each row?

And how to calculate in a similar way using the following data:

Suppose a company has an IT asset to protect security. The company is considering 2 different security methods A and B for selection. Your task is to determine which security method is better to use.

You are given the following numbers for a company asset:

Asset Value $250000

Exposure Factor

                                    No security method:      90%

                                    Security method A:        70%

                                    Security method B:        50%

Annualized Rate of Occurrence

                                    No security method:      60%

                                    Security method A:        40%

                                    Security method B:        30%

Annualized Cost of Method

                                    Security method A:        $30000

                                    Security method B:        $40000

Answer 1

solution :

explanation of each row of the table:-

1.ASSET value(AV) = it is the value of asest of which we make analysis

2.exposure factor(EF)= It describle the loss that can be haapen due to threat to asset.

3.single loss expecatancy(SLE) = AV X EF

4.ANNUALIZED RATE OF OCCURANCE(ARO) =it is the estimated of a frequency of a threat that will occured in one year.IT IS done to calculate ALE it is given in question

5.ANNUALIZED LOSS EXPECTANCY (ALE) = SLE XARO

it means potential loss in a year .

6.ALE REDUCTION FOR COUNTER MEASURE :

=ALE IN BASE CASE - ALE IN COUNTER MEASURE A/B

ALE REDUCTION FOR COUNTER MEASURE FOR A = 40,000 -10,000 = 30,000

FOR B = 40,000 -20,000 =20,000

7.ANNUALIZE COUNTER MEASURE COST :ALWAYS GIVEN IS QUESTION .IT IS NOT ONLY PURCHASING COST , MAINTENANCE COST INCLUDED.

8.ANNUALIZE NET COUNTER MEASURE VALUE :

ALE REDUCTION FOR COUNTER MEASURE - ANNUALIZE COUNTER MEASURE COST

[LEARNING NOTES:

RISK analysis is helpful for deliver optimal security at a reasonable price/cost. Risk is depand upon threat related to intigrity , availability and confidentaility of the assest.

here quantative analysis helpful for give a monetary value to thease risk compnent and quantative analysis is done as per above table.]

SOLUTION 2;

SN		BASE CASE	COUNTER MEASURE
A	B
A	ASSEST VALUE (AV)	250,000	250,000	250,000
B	exposure factor(EF)	90%	70%	50%
C	single loss expecatancy(SLE) = AV X EF	225,000	175,000	125,000
D	ANNUALIZED RATE OF OCCURANCE(ARO)	60%	40 %	30 %
E	ANNUALIZED LOSS EXPECTANCY (ALE) = SLE XARO	135,000	70,000	37,500
F	ALE REDUCTION FOR COUNTER MEASURE		65,000 [135000-70,000]	97500 [135000-37500]
G	ANNUALIZE COUNTER MEASURE COST		30,000	40,000
H	ANNUALIZE NET COUNTER MEASURE VALUE[F-G]		35,000	57,500

(HOPE YOU UNDERSTAND CONCEPT IF YOU HAVE ANY DOUBT RELATED TO THIS JUST ASK ME ..AND PLEASE RATE ME IF YOU LIKE MY WORK)