ANSWER
GIVEN DATA
A company has a resource XYZ.
The company may face a fine of $100,000.
The company must pay $20,000 to clean up the breach.
Total cost to the company = $120,000.
The company believes that an attack is likely to be successful about once in five years.
A proposed countermeasure should cut the frequency of occurrence in half.
1) Complete the template by using classic risk analysis skills
| | Base Case | With Countermeasure |
|---|---|---|
| Single Loss Expectancy (pay fine: $100,000; pay for breach cleanup: $20,000) | $120,000 | $120,000 |
| Annualized Rate of Occurrence | Once in 5 years is 20% | Half of base frequency is 10% |
| Annualized Loss Expectancy | $120,000 / 5 = $24,000 | $24,000 / 2 = $12,000 |
| Annualized Loss Expectancy Reduction for Countermeasure | | $12,000 |
2) What is the maximum that the company should be willing to pay for the countermeasure? Explain using the above result.
The maximum the company should be willing to pay is $12,000 yearly.
Explanation:
In the first question, if there is a breach in security, the company needs to pay a fine of $100,000, and to clean up the breach the company needs to pay $20,000.
So, the total cost to the company is $120,000.
It is given that an attack succeeds once in five years.
So, the probability of occurrence of an attack is 20% without countermeasures.
It is also given that the countermeasure will reduce the frequency to half.
So, the probability of occurrence of an attack is 10% with countermeasures.
So, in the base case the annualized loss expectancy is $24,000, and with countermeasures the annualized loss expectancy is $12,000.
The countermeasure's annualized expected benefit is $12,000.
The organization ought to be ready to pay up to $12,000 yearly.
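The same calculation as a small Python sketch, added here as an illustration and not part of the original answer. It goes slightly beyond the exercise by also letting a countermeasure reduce the impact (`sle_factor`) and by comparing the ALE reduction against an annual countermeasure cost; the class and function names and the three price points are assumptions made for this example.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Scenario:
    """One column of the classic risk analysis template."""
    sle: Fraction   # single loss expectancy, dollars per incident
    aro: Fraction   # annualized rate of occurrence, incidents per year

    @property
    def ale(self) -> Fraction:
        # Annualized loss expectancy = SLE x ARO
        return self.sle * self.aro


def with_countermeasure(base, aro_factor=Fraction(1), sle_factor=Fraction(1)):
    """Scale frequency and/or impact by what the countermeasure is expected to do."""
    for f in (aro_factor, sle_factor):
        if not 0 <= f <= 1:
            raise ValueError("reduction factors must be between 0 and 1")
    return Scenario(base.sle * sle_factor, base.aro * aro_factor)


def assess(base, protected, annual_cost):
    """Return (ALE reduction, net annual value, worth buying?)."""
    reduction = base.ale - protected.ale
    net = reduction - annual_cost
    return reduction, net, net >= 0


# Figures from the exercise: $100,000 fine + $20,000 cleanup, once in five years.
BASE = Scenario(sle=Fraction(100_000 + 20_000), aro=Fraction(1, 5))
# The proposed countermeasure halves the frequency and leaves the impact unchanged.
PROTECTED = with_countermeasure(BASE, aro_factor=Fraction(1, 2))

if __name__ == "__main__":
    print(f"Base ALE:      ${float(BASE.ale):,.0f}")
    print(f"Protected ALE: ${float(PROTECTED.ale):,.0f}")
    # Constructed price points (not from the exercise) around the break-even.
    for cost in (8_000, 12_000, 15_000):
        reduction, net, ok = assess(BASE, PROTECTED, cost)
        print(f"cost ${cost:,}: reduction ${float(reduction):,.0f}, "
              f"net ${float(net):,.0f}, {'accept' if ok else 'reject'}")
```

Exact fractions are used so that 1/5 and 1/2 do not pick up floating-point rounding; the break-even at an annual cost of $12,000 therefore comes out as a net value of exactly zero.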