Problem: Assume a year passed and XYZ software Co. has improve its security. Using the following table, calculate the SLE, ARO, and the ALE for each category listed.
1. Programer Mistakes
Cost per incident =$5000
Frequency of ocurrence = 1 per month
cost of control= $20,000
type of control = training
2. Loss of intellectual property
cost per incident =$75,000
frequency of occurrence = 1 per 2 years
cost of control = $15,000
type of control = firewall/ids
3. Software piracy
cost per incident = $500
frequency of occurrence = 1 per 2 year
cost of control = $30,000
type of control = firewall/ids
4. Theft of information ( hacker)
cost per incident = $2500
frequency of occurrence = 1 per 6 months
cost of control = $15000
type of control = firewall/ids
5. Theft of information ( employee)
cost per incident = $5000
frequency of ocurrence = 1 per year
cost of control = $15000
type of control = physical security
6. Web defacement
cost per incident = $500
frequency of occurrence = 1 per quarter
cost of control = $10,000
type of control = firewall
7. Theft of equipment
cost per incident = $5000
frequency of occurrence = 1 per 2 year
cost of control = $15000
type of control = physical security
8. Viruses, worms, troyan horses
cost per incident = $1500
frequency of occurrence = 1 per month
cost of control = $15000
type of control = antivirus
9. Denial-of-service attack
cost per incident = $2500
frequency of occurrence = 1 per 6 moths
cost of control = $10000
type of control = firewall
10. Earthquake
cost per incident = $250000
frequency of occurrence = 1 per 20 years
cost of control = $5000
type of control = insurance /backups
11. Floods
cost per incident = $5000
frequency of occurrence = 1 per 10 years
cost of control = $10000
type of control = insurance/backups
12. Fire
cost per incident = $100,000
frequency of occurrence = 1 per 10 year
cost of control = $10,000
type of control = insurance/backups
Why have some values changes on cost per incident and frequency of occurrence?
How could a control affect one but not the other?