Question

1) Describe one way of computing the impact (loss expectancy) of a threat as a value (in a currency of your choice), where impact combines the seriousness of a threat with the likelihood of it being realized. You may suppose that you have some idea of the cost to your organization if the threat is realized, and also that you have an estimate for the probability of threat realization.

2) How might a financial estimate for threat impact be used to decide whether or not to implement a countermeasure to the threat? What shortcomings are there in taking a purely numerical approach to risk management?

3) Accountability requires every action to be assignable to a single individual. Privacy requires that some actions can be made in an anonymity-preserving way. Are these notions irreconcilable?

Solution Preview

This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.

A method to estimate the loss in a currency can be established in the following way.
First of all, the single loss expectancy is computed as the difference between asset value and exposing factor.
Then the loss of expectancy is the product between annual rate of occurrence and the single loss expectancy.
As numerical example, for an asset value of 50,000 $ and an exposing factor of 10%, SLE is $5,000
Then the annualized loss of expectancy is $5,000 * 3 (for rate of occurrence 3) ==$15,000...

This is only a preview of the solution. Please use the purchase button to see the entire solution

Assisting Tutor

Related Homework Solutions

McAfee Antivirus Review Based on Provided Template
Homework Solution
$20.00
McAfee
Anvirus
Review
Template
Full
Name
Type
Product
Associated
Cost
Platform
Resource
Security
Cybercrime
Organization
Vendor
PCMAG
CNET
Link
Criminal
Activity
Performance
Malware
Association
Firewall
Laws and Regulations from Cybercrime and Security
Homework Solution
$50.00
Law
Regulation
Cybercrime
Security
PET
Privacy
Enhancing
Technogloy
PII
Breach
Notification
Letter
European
Union
Data
Protection
Directive
Principle
Personal
Disclosure
NIST
Identifiable
Information
Social
Media
Concept
User
Fa
Information Security Governance - Article Review (1440 words)
Homework Solution
$63.00
Information
Security
Governance
Risk
Management
Assessment
Policy
Standard
Technology
CIO
IT
Culture
Organizational
Recovery
Disaster
Compliance
Core
Evaluation
Procedure
Control
Technical
Summary
Awareness
Safety
COBIT
ISO
Hiera
Security Policy for Home Computer Use (2080 words)
Homework Solution
$75.00
Security
Policy
Computer
Use
Home
Template
Statement
Goal
Hardware
Software
WiFi
Risk
Uncertainty
Probability
Loss
Physical
Electronic
Password
Protection
Modem
Router
Network
Encryption
Firewall
Online
Backup
Recovery
Option
I
Get help from a qualified tutor
Live Chats