Quantitative Risk Assessment Single loss expectancy (SLE): Total loss expected from a single incident Exposure Factor (EF): the subjective, potential percentage of loss to a specific asset if a specific threat is realized. Annual rate of occurrence (ARO): Number of times an incident is expected to occur in one year Annual loss expectancy (ALE): Expected loss for one year SLE = Asset Value x EF (as a percentage - for example, EF = 15% means multiply the asset value x 0.15) ALE = SLEX ARO Safeguard value: Cost of a safeguard or control Scenario 1: Eagle Investments provides high-end smartphones to 150 of their 3000 employees. The value of each smartphone is $900 (its asset value, or AV). Richman has determined that in the past four months, they have had data intercepted from these phones 30 times. They have determined that their exposure factor (EF) is 40%. Note that it IS indeed possible to calculate the ALE without including the EF, but here you are given the EF, so you must use it. With this information, calculate the following and enter the answers into the following table: Show Calculation Result Prior SLE Prior ARO Prior ALE Eagle is considering purchasing a VPN service and its software for each smartphone. Use the ALE to determine the usefulness of this safeguard. For example, Eagle could purchase the VPN solution (service and software) for each device for $60 per year. The safeguard value is $60 X 150 devices, or $9,000 total. It is estimated that if the solution is purchased, the ARO will decrease to 50. Fill in the table below to determine if Eagle should purchase the VPN solution or not. Enter your subsequent in the table below and show your work in the "Calculation" column. If you don't show the calculation in that column (i.e., you just type in the result of the calculation, you will receive a zero for that entry (each of which is worth 2 points). Calculation Result 55 20% New ARO with control (given to you) New EF (given to you) New SLE with control in place New ALE with control in place Savings with control (prior ALE - ALE with control) Safeguard value (cost of control - given to you) FINAL CALCULATION - Realized savings (savings with control - safeguard value) $9,000 Should Eagle buy the VPN solution? Explain your answer, including any realized savings or loss in your