Question:
a. Suppose XYZ Software Company has a new application development project with projected revenues of $1.2 million. Using the following table, calculate the ARO and ALE for each threat category the company faces for this project.

| Threat Category | Cost per Incident (SLE) | Frequency of Occurrence | ARO | ALE |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per week | | |
| Loss of intellectual property | $75,000 | 1 per year | | |
| Software piracy | $500 | 1 per week | | |
| Theft of information (hacker) | $2,500 | 1 per quarter | | |
| Theft of information (employee) | $5,000 | 1 per 6 months | | |
| Web defacement | $500 | 1 per month | | |
| Theft of equipment | $5,000 | 1 per year | | |
| Viruses, worms, Trojan horses | $1,500 | 1 per week | | |
| Denial-of-service attacks | $2,500 | 1 per quarter | | |
| Earthquake | $250,000 | 1 per 20 years | | |
| Flood | $250,000 | 1 per 10 years | | |
| Fire | $500,000 | 1 per 10 years | | |

b. What process and methods might be used to develop the values in the table above? Describe 3 methods that might be used to determine cost per incident and frequency of occurrence.

c. Assume that a year has passed and XYZ has improved security by applying several controls. Using the information from the question above, and the following table, calculate the Post-Control ARO and ALE for each threat category listed. Determine whether the proposed control is worth the costs.

| Threat Category | Cost per Incident | Frequency of Occurrence | Cost of Control | Type of Control | SLE | Post-Control ARO | Post-Control ALE | CBA | Worth the cost? |
|---|---|---|---|---|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per month | $20,000 | Training | | | | | |
| Loss of intellectual property | $75,000 | 1 per 2 years | $15,000 | Firewall/IDS | | | | | |
| Software piracy | $500 | 1 per month | $30,000 | Firewall/IDS | | | | | |
| Theft of information (hacker) | $2,500 | 1 per 6 months | $15,000 | Firewall/IDS | | | | | |
| Theft of information (employee) | $5,000 | 1 per year | $15,000 | Physical security | | | | | |
| Web defacement | $500 | 1 per quarter | $10,000 | Firewall | | | | | |
| Theft of equipment | $5,000 | 1 per 2 years | $15,000 | Physical security | | | | | |
| Viruses, worms, Trojan horses | $1,500 | 1 per month | $15,000 | Antivirus | | | | | |
| Denial-of-service attacks | $2,500 | 1 per 6 months | $10,000 | Firewall | | | | | |
| Earthquake | $250,000 | 1 per 20 years | $5,000 | Insurance/backups | | | | | |
| Flood | $50,000 | 1 per 10 years | $10,000 | Insurance/backups | | | | | |
| Fire | $100,000 | 1 per 10 years | $10,000 | Insurance/backups | | | | | |
**With Steps please
