Security Plus Notes Essay example

1885 Words Nov 4th, 2014 8 Pages
Chapter 1: Measuring and Weighing Risk
Risk Assessment
Risks to which the organization is exposed
Allows you to develop scenarios that can help evaluate how to deal with risks
Ex. An OS, server, or application may have known risks in certain environments
Create a plan for your organization.
Risks that need addressing
Risk assessment components allows the organization to provide a reality check on real risks and unlikely risks.
Ex. Industrial espionage and theft are likely, but a risk of a pack of dogs stealing contents of payroll files is low, therefore resources should be allocated to prevent espionage. * Computing Risk Assessment
Measurements of risk assessment
Annualized rate of Occurrence (ARO)
This is the
…show more content…
What is ALE?
The SLE equals $90,000 (100,000 x .9), and the ARO is .33. therefpre the ALE is 29,700 ($90,000 x .33).
Your work at the help desk of a small company. One of the most common requests is to help retrieve a file that has been accidentally deleted by the user. On average, this happens once a week. If the user creates the file and then deletes it on the server (about 60% of incidents), then it can be restored in moments from the shadow copy and the is rarely any data lost. If the user creates the file on their workstation and then deletes it, (40% of the time), and if it cannot be recovered and it takes the user and average of two hours to re-create it at $12 an hour, what is the ALE?
The SLE is $24 ($12 x 2), and the ARO is 20.8 (52 weeks x .4). therefore the ALE equals $499.20 (24 x 20.8)
Risk assessment can either be qualitative (opinion based and subjective) or quantitative (cost based and objective). The formulas for SLE, ALE, and ARO are based on assessments that lead to $ amounts so they are quantitative. * Acting on Your Risk Assessment
Risk avoidance
Involves identifying a risk and making the decision to no longer engage in the actions with that risk. Ex: a company decides that many risks are associated with email attachments and decide no email attachments can enter the network.
Risk transference
Share some of the burden of risk with someone else, such as an insurance company. A typical policy would pay you a cash amount if all

Related Documents