as below
ashley0166089_Calculate
Calculate ARO, ALE, and CBA
Learning Objective: Use existing conceptual frameworks to evaluate risk controls, and formulate a cost-benefit analysis.
Assignment Requirements
One year ago, the Mesusa Corporation conducted a threat evaluation and created a list of threats, the cost per incident and the projected frequency of occurrence. During the year, Mesusa decided to implement controls designed to reduce the cost per incidence and the number of threats. The spreadsheet, MesusaControls.xls, indicates the pre-control cost and frequency of occurrence, the cost of controls for each type of threat, and the post-control cost and frequency of occurrence. Calculate the AROs, the ALEs and the CBA for this initiative, and return the completed spreadsheet. You can use the websites linked above to help you out. Please include your name on your spreadsheet posted above before submission.
Submission Requirements
- Format: Microsoft Excel
- Font: Arial, 12-Point
- Help website to facilitate the work:
- http://www.windowsecurity.com/articles-tutorials/misc_network_security/Risk_Assessment_and_Threat_Identification.html
- http://www.pearsonitcertification.com/articles/article.aspx?p=728428&seqNum=4
INSTRUCTOR NOTES
ALE is a common quantitative method for assessing risk.
The first step in calculating ALE is to calculate Single Loss Expectancy (SLE). --> SLE = asset value * exposure factor
ALE is then calculated by multiplying SLE by Annualized Rate of Occurrence (ARO). --> ALE = SLE * ARO
For example, to calculate the exposure factor, assume the asset value of a small office building and its contents is $2 million. Also assume that this building houses the call center for a business, and the complete loss of the center would take away about half of the capability of the company. Therefore, the exposure factor is 50 percent. The SLE is $2 million * 0.5 = $1 million
The ALE is then calculated simply by multiplying the SLE by the number of times the event is expected to occur in a year, which is called the annualized rate of occurrence (ARO): --> ALE = SLE * ARO
Do NOT overthink ARO. If it is weekly, ARO is 52. If the event is expected to occur once in 20 years, then the ARO is 1/20. Typically the ARO is defined by historical data, either from a company’s own experience or from industry surveys. Continuing our example, assume that a fire at this business’s location is expected to occur about once in 20 years. Given this information, the ALE is: $1 million * 1/20 = $50,000.
Therefore, in order to protect the office building the company should spend no more than $50,000 on countermeasures protecting the building from complete loss.
•Office building and contents = $2 million
•Exposure factor 50%
•SLE = $2 million * 0.5 = $1 million
•ALE = SLE * ARO
•ARO = 1/20 (One occurrence every 20 years)
•ALE = $1 million * 1/20 = $50,000
- 7 years ago
- 7
Purchase the answer to view it
- risk_controls_cost-benefit_analysis..xls
- risk_controls_and_cost_benefit_analysis_word.docx
- Question in the Description: The attached files very important to follow
- Ethics and Social Responsibility in Business
- peer response
- Political Parties and the Electoral Process
- DUE IN HOURS - CORRECT FINAL PAPER TO TEACHER NEEDS - HEALTHCARE STATISTICS
- Internal and External Influences on Distribution As you have learned, one of the steps in distribution planning is to assess the internal and external environmental influences affecting your product's distribution.
- for tom
- Affirmative Action
- ONLINE CHEMISTRY 331 FALL 2014
- 10