Cost benefit analysis (cba)-information security, Computer Network Security

Assignment Help:

Cost Benefit Analysis (CBA)

The common approach for information security controls is economic feasibility of implementation. CBA is begun by evaluating the worth of assets which are to be protected and the loss in value if those assets are compromised. The formal manner to document this is called as cost benefit analysis or economic feasibility study. Items which impact cost of a control or safeguard include: cost of development; implementation cost; service costs; training fees; cost of maintenance.

Benefit is the value an organization realizes by using controls to avoid losses associated with vulnerability. Asset valuation is the process of assigning financial value or worth to every information asset; there are several components to asset valuation.

Once worth of various assets is anticipated, potential loss from exploitation of vulnerability is examined. Process results in approximation of potential loss per risk. Expected loss per risk stated in equation given below:

Annualized loss expectancy (ALE) equals Single loss expectancy (SLE) TIMES Annualized rate of occurrence (ARO),Here SLE is equal to asset value times exposure factor (that is EF).


Related Discussions:- Cost benefit analysis (cba)-information security

Security clearances-information security, Security Clearances For a secu...

Security Clearances For a security clearance in organizations each data user should be assigned a single level of authorization indicating classification level. Before approachi

Balancing security and access-information security, BALANCING SECURITY AND ...

BALANCING SECURITY AND ACCESS Even with best planning and implementation, it is impossible to obtain perfect security, that is, it is a process, not an absolute. Security should

Systems development life cycle security-information security, The Role of t...

The Role of the Investigation The first phase, investigation is the most significant. What problem is the system being developed to solve? During investigation phase, objectives

Token ring, TOKEN RING Many LAN methods that are ring topology need to...

TOKEN RING Many LAN methods that are ring topology need token passing for synchronized access to the ring. The ring itself is acts as a single shared communication phase. Both

What is meant by certificate revocation, QUESTION (a) Which PKI (Public...

QUESTION (a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certi

Mitigate risks in an information security management system, Question: ...

Question: (a) What are the various options to mitigate risks in an Information Security Management System (ISMS)? For each option specify an instance where it can be used.

Describe the use of control channels in gsm network, Problem 1: What is...

Problem 1: What is the function of AUC in the GSM architecture? Explanation of HLR(AUC) Architecture of GSM Problem 2: Show the layered architecture of t

Udp encapsulation, UDP ENCAPSULATION As given in the figure below, UDP...

UDP ENCAPSULATION As given in the figure below, UDP packet is included in IP datagram and the IP datagram is then attached in the Frame.

Arrangement of self-learning switches, QUESTION a) Consider the speed ...

QUESTION a) Consider the speed of propagation of an electrical signal is same to 2x10 8 m/s, evaluate the ratio of the propagation delay to the transmit time for the given typ

Tree decomposition, (a) Define what you understand by the following terms ...

(a) Define what you understand by the following terms in Network Flows: i) UnDirected Path ii) Directed Path iii) Directed Cycle. iv) Tree In each of the above, expla

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd