Question

An organization determines that the probability of unauthorized access to a database that contains personally identifiable information (PII) about its clients and employees is 5% in a year. The total estimate of the loss due to this exposure is estimated to be 5 million dollars. This includes losses resulting from loss of reputation, business operations, fines imposed by the FCC, and legal fees.

After consulting with a security firm, a product was identified that could implement stronger access control and that could allow a security administrator to track such an unauthorized access. The total cost of the product is $500,000, plus $10,000/year for maintenance. The product should work well for the next five years. It is estimated that, if implemented, it will protect from 90% of all such attacks.

We want to know whether the organization should purchase this product.



What is the Single Loss Expectancy (SLE)? $ (Please enter digits only)

What is the Annualized Rate of Occurrence (ARO)?   %

What is the calculated Annualized Loss Expectancy (ALE)? $  (Please enter digits only)

What would be the ARO if the countermeasure is implemented?  %

What would be the corresponding ALE? $  (Please enter digits only)

What is the countermeasure cost for a year? $  (Please enter digits only)

Should the organization purchase this product?  (Please enter Yes or No)

Answer #1

Asset Value (AV) (assumed)=510,000 USD

Exposure Factor (EF) = 5%

(1) SLE =AV*EF=(510000*5)/100=25500

Total Loss due to this exposure = 5M USD= 50,00,000

Rate of Occurrence (RO in 5 years)=50,00,000/25500=196.5

(2) Annualized Rate of Occurrence=((197/5)/197)*100=20% or 40

(3) Annualized Loss Expectancy (ALE)=SLE*ARO= (25500)=25,000*40=10,00.000

After counter measures 90% will not happen so (197*10)/100=20

(4) ARO after counter measure= 20/5=4 or (4/20)*100= 20%

(5) ALE after counter measures= 25500*4=1,02,000

(6) Cost of counter measure is 5,00,000*(5*10,000)=5,50,000 USD for five years.

(7) Yes, the organization should buy this product as loss is reduced.
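
The standard quantitative risk calculation (ALE = SLE × ARO) applied to this scenario, as an added example that is not part of the question or the posted answer. It reads the $5 million loss estimate as the SLE and the 5% yearly probability as the ARO, and assumes the purchase price is spread evenly over the five-year life; the function and field names are illustrative.

```python
"""ALE-based cost-benefit check for a security control (added example)."""


def assess(sle, aro, effectiveness, purchase, maintenance_per_year, life_years):
    """Compare yearly expected loss with and without a control.

    sle: single loss expectancy in dollars (loss from one incident)
    aro: annualized rate of occurrence (0.05 means 5% per year)
    effectiveness: fraction of incidents the control prevents (0 < e <= 1)
    """
    if sle <= 0 or aro <= 0 or life_years <= 0:
        raise ValueError("sle, aro and life_years must be positive")
    if not 0 < effectiveness <= 1:
        raise ValueError("effectiveness must be in (0, 1]")

    ale_before = sle * aro
    aro_after = aro * (1 - effectiveness)
    ale_after = sle * aro_after
    # Assumption: the purchase price is spread evenly over the product's life.
    annual_cost = purchase / life_years + maintenance_per_year
    net_benefit = (ale_before - ale_after) - annual_cost
    return {
        "ale_before": ale_before,
        "aro_after": aro_after,
        "ale_after": ale_after,
        "annual_cost": annual_cost,
        "net_benefit": net_benefit,
        "purchase": net_benefit > 0,
        # Sensitivity: the purchase stops paying for itself below these values.
        "break_even_effectiveness": annual_cost / ale_before,
        "break_even_aro": annual_cost / (sle * effectiveness),
    }


# Figures from the question, read as SLE = $5,000,000 and ARO = 5%.
QUESTION = dict(sle=5_000_000, aro=0.05, effectiveness=0.90,
                purchase=500_000, maintenance_per_year=10_000, life_years=5)

if __name__ == "__main__":
    for name, value in assess(**QUESTION).items():
        print(f"{name:>26}: {value}")
```

The two break-even fields show how far the 5% and 90% estimates could fall before the yearly cost of the control exceeds the loss it avoids.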
