Module 1 SLP: Information Security System Risk Management
This assignment requires you to do a cost and benefit analysis for the following company. You will need to carefully study the cost and benefit calculation section at "Home" of Module 1.
Ebidding company has an e-commerce website that generates $500,000 per year. Calculate the annualized rate of occurrence (ARO) and annualized loss expectancy (ALE) for each risk:
| Category | Cost per incident | Frequency of occurrence |
| --- | --- | --- |
| Programming errors | $1,000 | 2 per week |
| Information theft (hacker) | $2,000 | 1 per quarter |
| Information theft (employee) | $5,000 | 1 per year |
| Viruses | $1,000 | 1 per year |
| Denial of service attacks | $3,500 | 1 per 6 months |
| Natural disaster | $100,000 | 1 per 20 years |
Note: read the background materials, and make sure to convert the frequency of occurrence to a yearly basis.
One year later, calculate the costs and benefits of the controls that have been in place.
| Category | Cost per incident | Frequency of occurrence | Cost of control | Type of control |
| --- | --- | --- | --- | --- |
| Programming errors | $1,000 | 2 per week | $2,500 | Training |
| Information theft (hacker) | $2,000 | 1 per quarter | $10,000 | Firewall |
| Information theft (employee) | $5,000 | 1 per year | $10,000 | Physical security |
| Viruses | $1,000 | 1 per year | $10,000 | Anti-virus |
| Denial of service attacks | $3,500 | 1 per 6 months | $10,000 | Firewall |
| Natural disaster | $100,000 | 1 per 20 years | $15,000 | Insurance |
MODULE 1 - SLP INFORMATION SECURITY SYSTEM RISK MANAGEMENT
According to Bragg (2002), risk management comprises all the processes and efforts needed to mitigate or reduce the risks that can affect an organization’s information assets. It involves identifying the risks, evaluating them, and estimating their probability, and then devising the most efficient ways of managing them. The assessment and approximations usually extend to measuring the extent of the risks and the cost of containing them (Wheeler, 2011).
Another crucial aspect of risk management is estimating whether it would cost less to contain a given risk or to incur the losses the risk causes. This is essentially what constitutes a cost-benefit analysis of any imminent risks in a given organization (Agarwal, Campoe & Pierce, 2014). According to Pironti (n.d.), developing and investing in an Information Security and Risk Management (ISRM) strategy is pivotal to an organization’s objectives and overall direction. The strategy helps to align the organization’s long-term goals with its risk profile.
Before turning to the calculations, it helps to define the terms so that the computations are easier to interpret. Single Loss Expectancy (SLE) is the financial loss the business incurs from a single incident. It is the product of the value of the asset and the exposure factor. Annualized Rate of Occurrence (ARO) is the expected frequency with which a given risk recurs. Its value can cover a wide range, from zero (never) to a very large figure (Feldman, Misenar & Conrad, 2012).
| Category | Cost | Frequency | Cost of Control | Nature of Control | SLE | ARO | ALE |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Programming Errors | $1000 | 2 in a week | $2500 | Training | 1000 | 104 | $104,000 |
| Information Theft via hacking | $2000 | 1 in one-quarter | $10000 | Firewall | 2000 | 4 | $8000 |
| Information Theft via Employees | $5000 | 1 annually | $10000 | Physical Se... | | | |
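The frequency conversion and cost-benefit arithmetic behind the table above, as an added Python example (not part of the original coursework). It uses the standard definition ALE = SLE × ARO and assumes 52 weeks per year (which gives the ARO of 104 shown above), that each listed cost of control is an annual cost, and, as a best case, that a control removes the risk entirely (`residual_aro=0`, a hypothetical parameter).

```python
import re
from fractions import Fraction

# Periods per year; 52 weeks/year reproduces the page's ARO of 104 for "2 per week".
PER_YEAR = {"day": 365, "week": 52, "month": 12, "quarter": 4, "year": 1}
FREQ = re.compile(r"(\d+(?:\.\d+)?)\s+per\s+(?:(\d+(?:\.\d+)?)\s+)?([a-z]+?)s?")

def aro(frequency):
    """Convert 'N per [M] unit' (e.g. '1 per 6 months') to occurrences per year."""
    m = FREQ.fullmatch(frequency.strip().lower())
    if not m or m.group(3) not in PER_YEAR:
        raise ValueError(f"unrecognised frequency: {frequency!r}")
    count, span = Fraction(m.group(1)), Fraction(m.group(2) or 1)
    if span == 0:
        raise ValueError("period length must be non-zero")
    return count * PER_YEAR[m.group(3)] / span

def assess(sle, frequency, control_cost, residual_aro=0):
    """Return (ARO, ALE without control, net annual value of the control).

    residual_aro (hypothetical parameter) is the yearly rate still expected
    with the control in place; 0 is the best case, so the net value is an
    upper bound. control_cost is assumed to be an annual cost.
    """
    rate = aro(frequency)
    ale_before = sle * rate
    ale_after = sle * Fraction(residual_aro)
    return rate, ale_before, ale_before - ale_after - control_cost

# Rows from the assignment's second table: (category, SLE, frequency, control cost).
RISKS = [
    ("Programming errors", 1000, "2 per week", 2500),
    ("Information theft (hacker)", 2000, "1 per quarter", 10000),
    ("Information theft (employee)", 5000, "1 per year", 10000),
    ("Viruses", 1000, "1 per year", 10000),
    ("Denial of service attacks", 3500, "1 per 6 months", 10000),
    ("Natural disaster", 100000, "1 per 20 years", 15000),
]

if __name__ == "__main__":
    for name, sle, freq, cost in RISKS:
        rate, ale, net = assess(sle, freq, cost)
        verdict = "control pays for itself" if net > 0 else "control costs more than the loss"
        print(f"{name:30} ARO={float(rate):<6g} ALE=${float(ale):>9,.0f} "
              f"net=${float(net):>10,.0f}  {verdict}")
```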