Risk Analysis Calculation
Week3 Risk Analysis Exercises
Submission instructions:
1) Edit this Word file and type in your answers to the questions for Exercise 1 and Exercise 2.
2) When done, save the file to your flash disk and upload a copy to the Week3 Risk Analysis Exercises dropbox.
Exercise 1
As a junior Security Analyst at Zinder Inc., your boss asked you to perform a classic risk analysis to help the company decide whether or not to invest in one of the countermeasures that it is planning on implementing. The countermeasures are meant to help protect the company's multifunction server (which has a value of $15,000) and all the software and databases it hosts against security attacks. The value of the software and the databases is estimated at $485,000. In case of a successful attack, it is expected that 80 percent of the assets' value will be lost. An attack is expected to be successful once every five years. Countermeasure A will cut the amount lost per incident by 75 percent. Countermeasure B will cut the frequency of successful attacks in half. Countermeasure A will cost $30,000 per year, while Countermeasure B will cost $5,000 per year.
Question 1: Conduct a classic risk analysis using the template below. Note: you need to calculate all the numbers and use them to complete this template (table).
| | | Base Case | Countermeasure A | Countermeasure B |
|---|---|---|---|---|
| Asset Value | AV | $500,000 | $500,000 | $500,000 |
| Exposure Factor | EF | 80% | 20% | 80% |
| Single Loss Expectancy | SLE | $400,000 | $100,000 | $400,000 |
| Annualized Rate of Occurrence | ARO | 20% | 20% | 10% |
| Annualized Loss Expectancy | ALE | $80,000 | $20,000 | $40,000 |
| ALE Reduction for Countermeasure | — | NA | $60,000 | $40,000 |
| Annualized Countermeasure Cost | — | NA | $30,000 | $5,000 |
| Annualized Net Countermeasure Value | — | NA | $30,000 | $35,000 |
Question 2: Based on the results of the risk analysis, which of the two countermeasures should Zinder Inc. implement (if any)? Explain your choice of countermeasure by providing supporting evidence from the results of the risk analysis you performed when answering Question 1.
Countermeasure B seems to be the best because:
· Its annualized cost is lower ($5,000 versus $30,000).
· Its annualized net value is also higher than the net value of A ($35,000 versus $30,000).
· Finally, it cuts the ARO by half, from 20% to 10%.
Exercise 2:
A company has a resource XYZ. If there is a single breach of security, the company may face a fine of $100,000 and pay another $20,000 to clean up the breach. Based on statistics gathered by the SANS Government agency, an attack targeting the company's assets is likely to be successful about once in five years. A proposed countermeasure should cut the frequency of occurrence in half. How much should the company be willing to pay for the countermeasure?
Question 1: Use your classic risk analysis skills to complete the template below based on the information provided in this case. Note: you need to calculate all the numbers.
| | Base Case | With Countermeasure |
|---|---|---|
| Single Loss Expectancy | $120,000 | $120,000 |
| Annualized Rate of Occurrence | 20% (1 in 5 years) | 10% (1/2 of base frequency) |
| Annualized Loss Expectancy | $24,000 | $12,000 |
| ALE Reduction for Countermeasure | | $12,000 |
Question 2: Based on the results of the risk analysis, what is the maximum that the company should be willing to pay for the countermeasure? Explain.
The countermeasure's annualized expected benefit is $12,000 per year. The company should be willing to pay up to $12,000 annually but no more. If the countermeasure's cost is greater than $12,000, the annualized net value of the countermeasure will be negative.
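The calculations behind both exercises, as an added Python example that is not part of the original exercise file. The `Scenario` class and the function names are hypothetical, and Exercise 2's SLE is modelled as an asset value of $120,000 with a 100% exposure factor.

```python
from dataclasses import dataclass
from fractions import Fraction as F


@dataclass(frozen=True)
class Scenario:
    """One column of the classic risk analysis table (hypothetical helper)."""
    asset_value: F         # AV, in dollars
    exposure_factor: F     # EF, fraction of AV lost per incident
    aro: F                 # ARO, expected successful attacks per year
    annual_cost: F = F(0)  # annualized countermeasure cost

    @property
    def sle(self):         # Single Loss Expectancy = AV x EF
        return self.asset_value * self.exposure_factor

    @property
    def ale(self):         # Annualized Loss Expectancy = SLE x ARO
        return self.sle * self.aro


def evaluate(base, option):
    """Return (ALE reduction, annualized net value) of option versus base."""
    reduction = base.ale - option.ale
    return reduction, reduction - option.annual_cost


def break_even_cost(base, option):
    """Highest annual cost at which the net countermeasure value is still >= 0."""
    return base.ale - option.ale


# Exercise 1: server ($15,000) plus software and databases ($485,000).
AV = F(15_000 + 485_000)
base1 = Scenario(AV, F(80, 100), F(1, 5))
# A cuts the loss per incident by 75%; B halves the attack frequency.
cm_a = Scenario(AV, base1.exposure_factor * F(1, 4), base1.aro, F(30_000))
cm_b = Scenario(AV, base1.exposure_factor, base1.aro / 2, F(5_000))

# Exercise 2: SLE is given directly ($100,000 fine + $20,000 cleanup),
# so it is modelled as AV = 120,000 with EF = 1 (assumption of this example).
base2 = Scenario(F(120_000), F(1), F(1, 5))
cm_2 = Scenario(F(120_000), F(1), base2.aro / 2)

if __name__ == "__main__":
    for name, cm in (("A", cm_a), ("B", cm_b)):
        red, net = evaluate(base1, cm)
        print(f"{name}: ALE ${int(cm.ale):,}  reduction ${int(red):,}  net ${int(net):,}")
    print(f"Exercise 2 break-even: ${int(break_even_cost(base2, cm_2)):,} per year")
```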
Copyright © 2019 HomeworkMarket.com
