Ebidding company has a ecommerce website that generate $500,000 per year. Calculate the annualized rate of occurrence (ARO) and annualized loss expectancy (ALE) for each risk:
|
Category
|
Cost per incident
|
Frequency of occurrence
|
|
Programming errors
|
$1,000
|
2 per week
|
|
Information theft(hacker)
|
$2,000
|
1 per quarter
|
|
Information theft(employee)
|
$5,000
|
1 per year
|
|
Viruses
|
$1,000
|
1 per year
|
|
Denial of service attacks
|
$3,500
|
1 per 6 month
|
|
Natural diaster
|
$100,000
|
1 per 20 years
|
Note: read background materials, and also make sure to convert frequency of occurrence to yearly base.
One year past, calculate the cost and benefit of controls that have been in place.
|
Category
|
Cost per incident
|
Frequency of occurrence
|
Cost of control
|
Type of control
|
|
Programming errors
|
$1,000
|
2 per week
|
$2500
|
Training
|
|
Information theft(hacker)
|
$2,000
|
1 per quarter
|
$10,000
|
Firewall
|
|
Information theft(employee)
|
$5,000
|
1 per year
|
$10,000
|
Physical security
|
|
Viruses
|
$1,000
|
1 per year
|
$10,000
|
Anti-virus
|
|
Denial of service attacks
|
$3,500
|
1 per 6 month
|
$10,000
|
Firewall
|
|
Natural diaster
|
$100,000
|
1 per 20 years
|
$15,000
|
Insurance
|