Question: Suppose XYZ Software Company has a new application development project, with projected revenues of $1,200,000. Using the following table, calculate the ARO and ALE for


1. Suppose XYZ Software Company has a new application development project, with projected revenues of $1,200,000. Using the following table, calculate the ARO and ALE for each threat category that XYZ Software Company faces for this project.

2. How might XYZ Software Company arrive at the values in the above table? For each entry, describe the process of determining the cost per incident and frequency of occurrence.

3. Assume a year has passed and XYZ has improved security by applying a number of controls. Using the information from Exercise 1 and the following table, calculate the post-control ARO and ALE for each threat category listed. Why have some values changed in the columns Cost per Incident and Frequency of Occurrence? How could a control affect one but not the other?

   Assume the values in the Cost of Control column presented in the table are those unique costs directly associated with protecting against that threat. In other words, don't worry about overlapping costs between controls. Calculate the CBA for the planned risk control approach for each threat category. For each threat category, determine if the proposed control is worth the costs.
