
please help with part 1&2 Problem: Part 1 Suppose XYZ Software Company has a new


Question

Please help with parts 1 and 2.

Problem: Part 1

Suppose XYZ Software Company has a new application development project, with projected revenues of $1,200,000.

Expected loss per risk stated in the following equation:
- Annualized loss expectancy (ALE)
- Single loss expectancy (SLE)
- Annualized rate of occurrence (ARO)
- Exposure factor (EF)

ALE = SLE x ARO
SLE = Asset Value x EF

1. Using the following table, calculate ARO and ALE for each threat category that XYZ Software Company faces for this project.

| Software Company major threat categories for new applications development | Cost per Incident | Frequency of Occurrence | SLE | ARO | ALE |
|---|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per week | 5,000 | | |
| Loss of intellectual property | $75,000 | 1 per year | 75,000 | | |
| Software piracy | $500 | 1 per week | 500 | | |
| Theft of information (hacker) | $2,500 | 1 per quarter | 2,500 | | |
| Theft of information (employee) | $5,000 | 1 per 6 months | 5,000 | | |
| Web defacement | $500 | 1 per month | 500 | | |
| Theft of equipment | $5,000 | 1 per year | 5,000 | | |
| Virus, worms, Trojan horses | $1,500 | 1 per week | 1,500 | | |
| Denial-of-service attacks | $2,500 | 1 per quarter | 2,500 | | |
| Earthquake | $250,000 | 1 per 20 years | 250,000 | | |
| Flood | $250,000 | 1 per 10 years | 250,000 | | |
| Fire | $500,000 | 1 per 10 years | 500,000 | | |

Problem: Part 2

Assume a year has passed and XYZ has improved security by applying a number of controls that affected the frequency of occurrence and changed some single loss values.

CBA
- Is the alternative being evaluated worth cost incurred to control vulnerability?
- ALE(prior) is annualized loss expectancy of risk before implementation of control
- ALE(post) is estimated ALE based on control being in place for a period of time
- ACS is the annualized cost of the safeguard

CBA = ALE(prior) - ALE(post) - ACS

Using the information from Problem 1 and the following table:

2. Determine the Single loss expectancy (SLE) for each threat category.
3. Calculate the post-control ARO and ALE for each threat category listed.
4. Run the cost benefit analysis and comment whether the solution will reward good impact on the company. (Attach your Excel sheet as a proof.)

| Threat category | SLE | Frequency | ARO | ALE post | ACS |
|---|---|---|---|---|---|
| Programmer mistakes | | 1 per month | | | $20,000 |
| Loss of intellectual property | | 1 every 2 years | | | $15,000 |
| Software piracy | | 1 per month | | | $30,000 |
| Theft of information (hacker) | | 2 per year | | | $15,000 |
| Theft of information (employee) | | Once a year | | | $15,000 |
| Web defacement | | 1 every 3 months | | | $18,000 |
| Theft of equipment | | 1 every 2 years | | | $15,000 |
| Virus, worms, Trojan horses | | Once a year | | | $15,000 |
| Denial-of-service attacks | | 2 per year | | | $17,500 |
| Earthquake | | 1 every 20 years | | | $5,000 |
| Flood | | 1 per 10 years | | | $10,000 |
| Fire | | 1 per 10 years | | | $10,000 |

Explanation / Answer

Suppose XYZ Software Company has a new application development project, with projected revenues of $1,200,000

Using the following table, calculate ARO and ALE for each threat category that XYZ Software Company faces for this project.

Answer Part 1:

For calculating ARO you need to ask yourself the frequency of the threat in a year.
For example: Programmer mistakes, given as 1 per week.
So, how many weeks does a year have? 52 weeks (approx.)

ARO = 52.0

ALE = SLE * ARO

Given in the table, SLE = $5,000

ALE = $5,000 * 52 = $260,000

Repeat the same for other rows in the table.

Hints
1 per 6 months means ARO = 2.0
1 per month means ARO = 12.0
1 per quarter means ARO = 4.0
1 per year means ARO = 1.0
1 per 20 years means ARO = 1/20 = 0.05
1 per 10 years means ARO = 1/10 = 0.10

Let me know if you have any doubts in calculating the other rows.

----------------------------------

Answer Part2

For part 2

Let's take Programmer Mistakes.

ALE[prior] = $260,000

SLE = $5,000

New ARO = 1 per month = 12.0

ALE[post] = $5,000 * 12.0 = $60,000

CBA = ALE[prior] - ALE[post] - ACS

   = $260,000 - $60,000 - $20,000
   = $180,000 (positive value)

   = + $180,000

Repeat the same for other rows.

Once again, let me know if you have doubts in any calculations.

Hope this helps.
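
The ARO, ALE and CBA steps from the answer above, written as a small Python script. This is an added example, not part of the original answer; the function names and the frequency-phrase parser are assumptions of this example, and the post-control SLE is assumed equal to the pre-control SLE, as the answer does for programmer mistakes.

```python
import re
from fractions import Fraction

# Periods per year; 52 weeks follows the approximation used in the answer.
PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "year": 1}
FREQ = re.compile(r"(\d+) (?:per|every) (\d+ )?(week|month|quarter|year)s?")

def aro(frequency):
    """Turn a frequency phrase from the tables into occurrences per year."""
    text = frequency.strip().lower().replace("once a", "1 per")
    m = FREQ.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognized frequency: {frequency!r}")
    count, span, unit = int(m.group(1)), int(m.group(2) or 1), m.group(3)
    # 'count' events every 'span' units, scaled to one year
    return Fraction(count * PER_YEAR[unit], span)

def ale(sle, frequency):
    """ALE = SLE x ARO."""
    return sle * aro(frequency)

def cba(sle_prior, freq_prior, sle_post, freq_post, acs):
    """CBA = ALE(prior) - ALE(post) - ACS."""
    return ale(sle_prior, freq_prior) - ale(sle_post, freq_post) - acs

# (threat, SLE, pre-control frequency, post-control frequency, ACS), copied
# from the question's two tables. Assumption: post-control SLE is unchanged,
# as in the worked answer; pass a different sle_post to cba() if it changed.
ROWS = [
    ("Programmer mistakes", 5_000, "1 per week", "1 per month", 20_000),
    ("Theft of information (hacker)", 2_500, "1 per quarter", "2 per year", 15_000),
    ("Theft of information (employee)", 5_000, "1 per 6 months", "Once a year", 15_000),
    ("Earthquake", 250_000, "1 per 20 years", "1 every 20 years", 5_000),
]

def analyze(rows=ROWS):
    """Return {threat: (ALE prior, ALE post, CBA)} for each row."""
    return {
        name: (ale(sle, before), ale(sle, after), cba(sle, before, sle, after, acs))
        for name, sle, before, after, acs in rows
    }

if __name__ == "__main__":
    for name, (prior, post, net) in analyze().items():
        verdict = "control pays for itself" if net > 0 else "not justified on cost alone"
        print(f"{name:32} {float(prior):>9,.0f} {float(post):>9,.0f} {float(net):>+9,.0f}  {verdict}")
```

A negative CBA means the safeguard costs more per year than the loss it removes, which is the comment step 4 of the problem asks for.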