# Applied Sciences homework help

Applied Sciences homework help. MIS 4850 Systems Security
Week3 Risk Analysis Exercises

Submission instructions:

• Edit this Word file and type in your answers to the questions for Exercise 1 and Exercise 2.
• When done, save the file to your flash disk and upload a copy to the Week3 Risk Analysis Exercises dropbox

Exercise 1
As a junior Security Analyst at Zinder Inc., your boss asked you to perform a classic risk analysis in order to help the company make a decision about whether or not to investing in one of the countermeasures that the company is planning on implementing. The countermeasures are meant to help protect the company’s multifunction server (that has a value of \$15,000) and all the software and databases it host against security attacks. The value of the software and the databases is estimated at \$485,000. In case of a successful attack, it is expected that 80 percent of the asset’s value will be lost. An attack is expected to be successful once every five years. Countermeasure A will cut the amount lost per incident by 75 percent. Countermeasure B will cut the frequency of successful attack in half. Countermeasure A will cost \$30,000 per year, while Countermeasure B will cost \$5,000 per year.
Question 1: Conduct a classic risk analysis using the template below. Note: you need to calculate all the numbers and use them to complete this template (table).

 Base Case Countermeasure A B Asset Value AV \$500,000 \$500,000 \$500,000 Exposure Factor EF 80% 20% 80% Single Loss Expectancy SLE \$400,000 \$100,000 \$400,000 Annualized Rate of Occurrence ARO 20% 20% 10% Annualized Loss Expectancy ALE \$80,000 \$20,000 \$40,000 ALE Reduction for Countermeasure — NA \$60,000 \$40,000 Annualized Countermeasure Cost — NA \$30,000 \$5,000 Annualized Net Countermeasure Value — NA \$30,000 \$35,000

Question 2: Based on the results of the risk analysis, which of the two countermeasures Zinder Inc. should implement (if any). Explain your choice of countermeasure by providing supporting evidence from the result the risk analysis you performed when answering Question 1.
Countermeasure B seems to be the best because:

• Its annualized cost is less costs (\$5000 versus \$30000)
• Its net annualized value is also higher than the net value of A (\$35000 versus \$30000)
• Finally, it cuts the ARO by half from 20% to 10

Exercise 2:
A company has a resource XYZ. If there is a single breach of security, the company may face a fine of \$100,000 and pay another \$20,000 to clean up the breach. Based on statistics gathered by the SANS Government agency, an attack targeting the company’s assets is likely to be successful about once in five years. A proposed countermeasure should cut the frequency of occurrence in half. How much should the company be willing to pay for the countermeasure

Question 1: Use you classic risk analysis skills to complete the template below based on the information provided in this case. Note: you need to calculate all the numbers.

 Base Case With Countermeasure Single Loss Expectancy \$120,000 \$120,000 Annualized Rate of Occurrence 20% (1 in 5 years) 10% (1/2 of base frequency) Annualized Loss Expectancy \$24,000 \$12,000 ALE Reduction for Countermeasure \$12,000

Question 2: Based on the results of the risk analysis, what is the maximum that the company should be willing to pay for the countermeasure? Explain.

The countermeasure’s annualized expected benefit is \$12,000 per year. The company should be willing to pay up to \$12,000 annually but no more. If the countermeasure’s cost is > \$12,000 then, the Annualized net value for the countermeasure will be negative.

Applied Sciences homework help

## Why US?

##### 100% Confidentiality

Information about customers is confidential and never disclosed to third parties.

##### Timely Delivery

No missed deadlines – 97% of assignments are completed in time.

##### Original Writing

We complete all papers from scratch. You can get a plagiarism report.

##### Money Back

If you are convinced that our writer has not followed your requirements, feel free to ask for a refund.