Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 4

Davonte Brown

NT2580: Unit 6 Quantitative and Qualitative Risk Assessment

Qualitative Risk Assessment
Single loss expectancy (SLE): Total loss expected from a single incident
Annual rate of occurrence (ARO): Number of times an incident is expected to occur in a year
Annual loss expectancy (ALE): Expected loss for a year
Safeguard alue: !ost of a safeguard or control
Scenario: Ric"man #nestments proides "ig"$end smartp"ones to seeral employees% T"e alue of
eac" smartp"one is &'(() and approximately *)((( employees "ae t"ese company$o+ned deices% #n
t"e past year) employees "ae lost or damaged ,' smartp"ones%
With this information, calculate the following:
SLE - .&'((%((...........
ARO - ..,'.........
ALE - ...&/,)'((%((.........
Ric"man is considering buying insurance for eac" smartp"one% 0se t"e ALE to determine t"e usefulness
of t"is safeguard% 1or example) Ric"man could purc"ase insurance for eac" deice for &2' per year% T"e
safeguard alue is &2' 3 *)((( deices) or &2')(((% #t is estimated t"at if t"e insurance is purc"ased) t"e
ARO +ill decrease to '% S"ould t"e company purc"ase t"e insurance4
etermine the effectiveness of the safeguar!:
!urrent ALE - ..&/,)'((............
ARO +it" control - '
ALE +it" control - ..2)'((..........
Saings +it" control - ...../')(((...... (!urrent ALE $ ALE +it" control)
Safeguard alue (cost of control) - &2')(((
Reali5ed saings - ..*()(((........... (Saings +it" control $ safeguard alue)
Shoul! Richman "u# the insurance$ E%&lain #our answer'
T"e deice are insured lessens t"e annual rate of occurrence by 6(7 and offers a saing of
!TT "du#ational $ervi#es %a&e '
Davonte Brown
NT2580: Unit 6 Quantitative and Qualitative Risk Assessment
!TT "du#ational $ervi#es %a&e 2
Davonte Brown
NT2580: Unit 6 Quantitative and Qualitative Risk Assessment
Qualitative Risk Assessment
8robability: T"e li9eli"ood t"at a t"reat +ill exploit a ulnerability% 8robability can use a scale of lo+)
medium) and "ig") assigning percentage alues to eac"%
#mpact: T"e negatie result if a ris9 occurs% :ou can use lo+) medium) or "ig" to describe t"e impact%
:ou can calculate t"e ris9 leel using t"e follo+ing formula:
Risk Level = (ro"a"ilit# X )m&act
Scenario: Ric"man #nestments is concerned about t"e security of its customer data% ;anagement "as
determined t"at t"e t"ree primary ris9s t"e company faces in protecting t"e data are as follo+s:
0naut"ori5ed access by an external party
Sabotage by an internal employee
<ard+are failures
Ric"man "as created scales for t"e probability and impact of ris9s as follo+s:
(ro"a"ilit#: Lo+ - *(7) ;edium - '(7) and <ig" - *((7
)m&act: Lo+ - *() ;edium - '() and <ig" - *((
After sureying 9ey indiiduals in t"e company) Ric"man calculated t"e probability and impact of eac"
ris9) as s"o+n in t"e table belo+% *ase! on the information given a"ove, calculate the risk level for
each risk:
+ategor# (ro"a"ilit# )m&act Risk Level
0naut"ori5ed access by an external party 2' '(
Sabotage by an internal employee ,' *((
<ard+are failures /( 2'
Which risk has the highest risk level$ .........................
(rioriti,e the risks from high to low:
8riority *:
8riority 2:
8riority /:
!TT "du#ational $ervi#es %a&e (
Davonte Brown
NT2580: Unit 6 Quantitative and Qualitative Risk Assessment
:ou need to present t"e data grap"ically to senior management in t"e form of a ris9 matrix% A sample ris9
matrix is s"o+n belo+:
+om&lete the following risk matri% "ase! on #our !ata:
!TT "du#ational $ervi#es %a&e )

You might also like