1) Describe one way of computing the impact (loss expectancy) of a threat as a value (in a currency of your choice), where impact combines the seriousness of a threat with the likelihood of it being realized. You may suppose that you have some idea of the cost to your organization if the threat is realized, and also that you have an estimate for the probability of threat realization.
2) How might a financial estimate for threat impact be used to decide whether or not to implement a countermeasure to the threat? What shortcomings are there in taking a purely numerical approach to risk management?
3) Accountability requires every action to be assignable to a single individual. Privacy requires that some actions can be made in an anonymity-preserving way. Are these notions irreconcilable?
Question
Solution Preview
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.
A method to estimate the loss in a currency can be established in the following way.First of all, the single loss expectancy is computed as the difference between asset value and exposing factor.
Then the loss of expectancy is the product between annual rate of occurrence and the single loss expectancy.
As numerical example, for an asset value of 50,000 $ and an exposing factor of 10%, SLE is $5,000
Then the annualized loss of expectancy is $5,000 * 3 (for rate of occurrence 3) ==$15,000...
Return to homework library