Cost benefit analysis (cba)-information security, Computer Network Security

Assignment Help:

Cost Benefit Analysis (CBA)

The common approach for information security controls is economic feasibility of implementation. CBA is begun by evaluating the worth of assets which are to be protected and the loss in value if those assets are compromised. The formal manner to document this is called as cost benefit analysis or economic feasibility study. Items which impact cost of a control or safeguard include: cost of development; implementation cost; service costs; training fees; cost of maintenance.

Benefit is the value an organization realizes by using controls to avoid losses associated with vulnerability. Asset valuation is the process of assigning financial value or worth to every information asset; there are several components to asset valuation.

Once worth of various assets is anticipated, potential loss from exploitation of vulnerability is examined. Process results in approximation of potential loss per risk. Expected loss per risk stated in equation given below:

Annualized loss expectancy (ALE) equals Single loss expectancy (SLE) TIMES Annualized rate of occurrence (ARO),Here SLE is equal to asset value times exposure factor (that is EF).


Related Discussions:- Cost benefit analysis (cba)-information security

Summarises the firewall protocols, Your rules should ensure that Internet a...

Your rules should ensure that Internet access will be restricted to the following: Only the following services will be permitted as OUTBOUND traffic (to the Internet from the DM

Explain belady''s anomaly, Belady's Anomaly Also known FIFO anomaly. G...

Belady's Anomaly Also known FIFO anomaly. Generally, on raising the number of frames given to a process' virtual storage, the program execution is faster, because lesser page

Explain the approaches to lric modeling, (a) Cost allocation mechanisms ar...

(a) Cost allocation mechanisms are important when it comes to establishing other aspects of inter-firm compensations and how these are transferred to the users. There are two pri

Fragmentation, FRAGMENTATION One method is to limit datagram size to s...

FRAGMENTATION One method is to limit datagram size to smallest MTU of any server. IP needs fragmentation i.e. datagrams can be divided into pieces to fit in network with small

Locality of reference , LOCALITY OF REFERENCE PRINCIPLE:  Principle of...

LOCALITY OF REFERENCE PRINCIPLE:  Principle of "Locality of Reference" use to predict computer interaction patterns. There are two patterns shown as follows: a) Spatial loca

CS, Discuss how developers should apply the following countermeasures to im...

Discuss how developers should apply the following countermeasures to improve the security of their code:

Configuration for 3des, (a) Explain the two possible configuration for 3DE...

(a) Explain the two possible configuration for 3DES. (b) What is the main disadvantage of 3DES? (c) Why are most modern symmetric algorithm block ciphers? (d) Describe

Digital certificates, A Certificate presents an organization in an official...

A Certificate presents an organization in an official digital form. This is same to an electronic identity card which serves the purpose of Identifying the owner of the certificate

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd