Richman Investments provides high-end smartphones to several employees. In the past year, 35 phones were lost or damaged out of 10,000 employees. Calculating the single loss expectancy (SLE) as $500, annual rate of occurrence (ARO) as 35, and annual loss expectancy (ALE) as $17,500. Richman is considering insuring each phone for $25 per year, costing $25,000 total. This would decrease the ARO to 1 and ALE to $2,500, saving $15,000. The realized savings of $10,000 makes the insurance worthwhile.
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
0%(2)0% found this document useful (2 votes)
2K views4 pages
NT2580, Week6 Assignment 2
Richman Investments provides high-end smartphones to several employees. In the past year, 35 phones were lost or damaged out of 10,000 employees. Calculating the single loss expectancy (SLE) as $500, annual rate of occurrence (ARO) as 35, and annual loss expectancy (ALE) as $17,500. Richman is considering insuring each phone for $25 per year, costing $25,000 total. This would decrease the ARO to 1 and ALE to $2,500, saving $15,000. The realized savings of $10,000 makes the insurance worthwhile.
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 4
Davonte Brown
NT2580: Unit 6 Quantitative and Qualitative Risk Assessment
Analysis Qualitative Risk Assessment Single loss expectancy (SLE): Total loss expected from a single incident Annual rate of occurrence (ARO): Number of times an incident is expected to occur in a year Annual loss expectancy (ALE): Expected loss for a year ALE = SLE X ARO Safeguard alue: !ost of a safeguard or control Scenario: Ric"man #nestments proides "ig"$end smartp"ones to seeral employees% T"e alue of eac" smartp"one is &'(() and approximately *)((( employees "ae t"ese company$o+ned deices% #n t"e past year) employees "ae lost or damaged ,' smartp"ones% With this information, calculate the following: SLE - .&'((%((........... ARO - ..,'......... ALE - ...&/,)'((%((......... Ric"man is considering buying insurance for eac" smartp"one% 0se t"e ALE to determine t"e usefulness of t"is safeguard% 1or example) Ric"man could purc"ase insurance for eac" deice for &2' per year% T"e safeguard alue is &2' 3 *)((( deices) or &2')(((% #t is estimated t"at if t"e insurance is purc"ased) t"e ARO +ill decrease to '% S"ould t"e company purc"ase t"e insurance4 etermine the effectiveness of the safeguar!: !urrent ALE - ..&/,)'((............ ARO +it" control - ' ALE +it" control - ..2)'((.......... Saings +it" control - ...../')(((...... (!urrent ALE $ ALE +it" control) Safeguard alue (cost of control) - &2')((( Reali5ed saings - ..*()(((........... (Saings +it" control $ safeguard alue) Shoul! Richman "u# the insurance$ E%&lain #our answer' T"e deice are insured lessens t"e annual rate of occurrence by 6(7 and offers a saing of *()(((.............................................................................. .................................................................................... !TT "du#ational $ervi#es %a&e ' Davonte Brown NT2580: Unit 6 Quantitative and Qualitative Risk Assessment Analysis .................................................................................... .................................................................................... ..... !TT "du#ational $ervi#es %a&e 2 Davonte Brown NT2580: Unit 6 Quantitative and Qualitative Risk Assessment Analysis Qualitative Risk Assessment 8robability: T"e li9eli"ood t"at a t"reat +ill exploit a ulnerability% 8robability can use a scale of lo+) medium) and "ig") assigning percentage alues to eac"% #mpact: T"e negatie result if a ris9 occurs% :ou can use lo+) medium) or "ig" to describe t"e impact% :ou can calculate t"e ris9 leel using t"e follo+ing formula: Risk Level = (ro"a"ilit# X )m&act Scenario: Ric"man #nestments is concerned about t"e security of its customer data% ;anagement "as determined t"at t"e t"ree primary ris9s t"e company faces in protecting t"e data are as follo+s: 0naut"ori5ed access by an external party Sabotage by an internal employee <ard+are failures Ric"man "as created scales for t"e probability and impact of ris9s as follo+s: (ro"a"ilit#: Lo+ - *(7) ;edium - '(7) and <ig" - *((7 )m&act: Lo+ - *() ;edium - '() and <ig" - *(( After sureying 9ey indiiduals in t"e company) Ric"man calculated t"e probability and impact of eac" ris9) as s"o+n in t"e table belo+% *ase! on the information given a"ove, calculate the risk level for each risk: +ategor# (ro"a"ilit# )m&act Risk Level 0naut"ori5ed access by an external party 2' '( Sabotage by an internal employee ,' *(( <ard+are failures /( 2' Which risk has the highest risk level$ ......................... (rioriti,e the risks from high to low: 8riority *: 8riority 2: 8riority /: !TT "du#ational $ervi#es %a&e ( Davonte Brown NT2580: Unit 6 Quantitative and Qualitative Risk Assessment Analysis :ou need to present t"e data grap"ically to senior management in t"e form of a ris9 matrix% A sample ris9 matrix is s"o+n belo+: +om&lete the following risk matri% "ase! on #our !ata: !TT "du#ational $ervi#es %a&e )