Module 1 - SLP
INFORMATION SECURITY SYSTEM RISK MANAGEMENT
This assignment requires you to do a cost and benefit analysis for the following company. You will need to study carefully the cost and benefit calculation section at "Home" of module 1.
Ebidding company has a ecommerce website that generate $500,000 per year. Calculate the annualized rate of occurrence (ARO) and annualized loss expectancy (ALE) for each risk:
Category Cost per incident Frequency of occurrence
Programming errors $1,000 2 per week
Information theft(hacker) $2,000 1 per quarter
Information theft(employee) $5,000 1 per year
Viruses $1,000 1 per year
Denial of service attacks $3,500 1 per 6 month
Natural diaster $100,000 1 per 20 years
Note: read background materials, and also make sure to convert frequency of occurrence to yearly base.
One year past, calculate the cost and benefit of controls that have been in place.
Category
Cost per incident
Frequency of occurrence
Cost of control Type of control
Programming errors $1,000 2 per week $2500 Training
Information theft(hacker) $2,000 1 per quarter $10,000 Firewall
Information theft(employee) $5,000 1 per year $10,000 Physical security
Viruses $1,000 1 per year $10,000 Anti-virus
Denial of service attacks $3,500 1 per 6 month $10,000 Firewall
Natural diaster $100,000 1 per 20 years $15,000 Insurance