Question
Steps
For this project, assume that an organization has five servers. Server 1 has a TCO of $25,000, servers 2 and 3 have a TCO of $37,000 each, and the remaining two servers – servers 4 and 5 – have a TCO of $42,000 each. The servers are not used by internal employees but are used by Web visitors. The total income that all five servers bring in is $5 million a year (equally provided by all five servers). Compute the total asset value for each of the five servers.
[RESPONSE]
In order to recover from an attack on any one server, it would take an estimated 14 hours to rebuild servers 1, 2, 3, and 4 and 37 hours to rebuild server 5. If each server is required to be online 8,760 hours a year, compute the EF for each server.
[RESPONSE]
Since the security for the five web servers is moderate, a web attack is estimated to occur once per year. Compute the ARO for a web attack.
[RESPONSE]
What is the ALE for a web attack for each of the five servers?
[RESPONSE]
What is the total ALE for the entire organization for a web attack that damages all five servers at the same time?
[RESPONSE]
Based on the calculated ALE for an attack that damages all five servers, how much should the organization spend on security controls to prevent web attacks on the five servers?
[RESPONSE]
Explanation / Answer
Hi,
Below are the solutions to your problem:
Question 1:
Server 1 has a TCO of $25,000
servers 2 and 3 have a TCO of $37,000 each
The remaining two servers – servers 4 and 5 – have a TCO of $42,000 each.
Hence total TCO of all 5 servers=$104000
Total income provided by all these 5 servers in a year is $5million
For server 1:Total asset value =$5000000 -$25000=497500 million=$49.75 million
For server 2 and 3 :Total asset value=$5000000-$37000=$49.63 million
For server 4 and 5:Total asset value=$5000000-$42000=$49.58 million
Question 2:
Each server is required to be online 8,760 hours a year
It would take an estimated 14 hours to rebuild servers 1, 2, 3, and 4
And 37 hours to rebuild server 5.
Hence the servers 1,2,3,4 are down for 14 hours out of the potential 8,760 hours a year that they are supposed to be online.
Therefore, the loss of potential business is fourteen hours out of the approximate 8,760 in a year. This equates to a 14/8760 or a 0.015% loss of the Web site asset value; thus, the EF equals 0.0015.
Hence EF for servers 1,2,3,4 =0.0015
And for server 5 EF is 37/8760=0.04% loss of the web site asset value, thus the EF equals 0.0042
Question 3:
Annualized rate of occurrence (ARO) is the estimated frequency with which a particular threat may occur each year.
Since a web attack is estimated to occur once per year, ARO for this particular threat is estimated at once a year. Overall, this number indicates that a Web site defacement has a 100% chance of occurring in any given year.
Thus, ARO is 100% for a web attack mentioned above.
Question 4:
Annualized Loss Expectancy (ALE) :The annualized loss expectancy (ALE) is a formula that helps to calculate the potential financial loss from perceived threats.
Based on the ALE calculation, you can determine which assets hold the greatest value, prioritize the protection of those assets, and determine which security measures will best benefit the business. The formula is:
ALE = SLE * ARO
Where,
Single loss expectancy (SLE) is equal to the asset’s value times the exposure factor.
The first component of SLE, the asset value, is the total monetary amount determined from the TCO, the internal values, and external values as described previously.
The second component, exposure factor (EF), is the percentage of asset loss that is expected from a particular threat.
Therefore:ALE = (Asset value*EF) * ARO
For server 1:
The total asset value for the information offered on the is approximately =$49.75 million(Calculated above)*0.0015=0.074625 or =$74,625
ARO=100%
ALE=$74,265*100%=$74,265 per year
For server 2:
The total asset value for the information offered on the is approximately =$49.63 million(Calculated above)*0.0015=or =$74,445
ARO=100%
ALE=$74,445*100%=$74,445 per year
For server 3:
The total asset value for the information offered on the is approximately =$49.63 million(Calculated above)*0.0015=or =$74,445
ARO=100%
ALE=$74,445*100%=$74,445 per year
For server 4:
The total asset value for the information offered on the is approximately =$49.58 million(Calculated above)*0.0015=or =$74,370
ARO=100%
ALE=$74,370*100%=$74,370 per year
For server 4:
The total asset value for the information offered on the is approximately =$49.58 million(Calculated above)*0.0042=or =$20,823
ARO=100%
ALE=$20,823*100%=$20,823 per year
Question 5:
Total ALE for entire organisation=
ALE=SLE * ARO
For SLE
EF=Total hours wasted in rebuilding of all 5 server=96 hours(14*4+37)hours/8760 hours=0.01095=1.1095*$40 million =$44,380
ARO=100%(calculated above)
Therefore
ALE=SLE * ARO=$44,380*100%=$44,3800 for all servers damaged at the same time
Question 6:
Leverage Existing Management and Control Architecture The ALE is derived for the organization’s assets in Step 3 of the risk assessment process; however, the ALE number alone is not useful. The crucial step in the risk assessment process occurs when the ALE is compared to the cost of implementing or maintaining effective security measures. If new security controls are required, security professionals must build a persuasive business case for, or against, implementing new security controls. They do so by financially comparing the possible loss delivered by the ALE equation and the proposed cost of implementing the necessary security measures.
Web site defacement will cost the company approximately $44,3800(calculated above) per year. However, effective security controls implemented on both the Web applications and servers can prevent the reoccurrence of this particular type of Web defacement. The challenge for the company, however, is that implementing and maintaining the mandatory, strict security controls requires approximately 1,040 additional hours a year(say). For a webmaster who makes $30,000 a year, 1,040 hours costs EBS $15,000 per year. Noah can now argue that by mandating the necessary security controls and hiring an additional part-time administrator, EBS can save $10,200 annually. More important to company, EBS can increase the overall security of the Web environment.
Hope that helps...HAPPY ANSWERING!!!!!!!!!!!!!!!!!!!!
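The ALE = (Asset value * EF) * ARO formula quoted in the answer, carried through for all five servers as an added example (not part of the original question or answer). It assumes asset value = TCO + external value, with external value taken as each server's equal share of the $5 million income and internal value zero because no internal employees use the servers; the `control_net_benefit` helper and the full-mitigation scenario are also assumptions.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760        # required uptime, from the question
ANNUAL_INCOME = 5_000_000    # total income across all servers, from the question
ARO = 1.0                    # one web attack expected per year, from the question

@dataclass(frozen=True)
class Server:
    name: str
    tco: float            # total cost of ownership in dollars
    rebuild_hours: float  # downtime needed to recover from one attack

SERVERS = [
    Server("server1", 25_000, 14),
    Server("server2", 37_000, 14),
    Server("server3", 37_000, 14),
    Server("server4", 42_000, 14),
    Server("server5", 42_000, 37),
]

def asset_value(s: Server, servers=SERVERS) -> float:
    # Assumption: AV = TCO + external value (equal income share); internal value = 0
    return s.tco + ANNUAL_INCOME / len(servers)

def exposure_factor(s: Server) -> float:
    # Fraction of the asset lost per incident: downtime over required uptime
    return s.rebuild_hours / HOURS_PER_YEAR

def sle(s: Server) -> float:
    # Single loss expectancy = asset value * exposure factor
    return asset_value(s) * exposure_factor(s)

def ale(s: Server, aro: float = ARO) -> float:
    # Annualized loss expectancy = SLE * ARO
    return sle(s) * aro

def total_ale(servers=SERVERS, aro: float = ARO) -> float:
    # One attack that damages every server at the same time
    return sum(ale(s, aro) for s in servers)

def control_net_benefit(ale_before: float, ale_after: float, annual_cost: float) -> float:
    # Hypothetical helper: positive means the control saves more than it costs
    return ale_before - ale_after - annual_cost

if __name__ == "__main__":
    for s in SERVERS:
        print(f"{s.name}: AV=${asset_value(s):,.0f} EF={exposure_factor(s):.5f} "
              f"ALE=${ale(s):,.2f}")
    print(f"total ALE: ${total_ale():,.2f}")
    # Assumed scenario: a $15,000/year control that removes the loss entirely
    print(f"net benefit: ${control_net_benefit(total_ale(), 0, 15_000):,.2f}")
```
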