Scribd Logo
Upload

Welcome to Scribd!

  • Tutorial - Excersise

    Uploaded by

    Jayath Gayan
    9 views2 pages

    Original Title

    Tutorial - Excersise(1)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    9 views2 pages

    Tutorial - Excersise

    Uploaded by

    Jayath Gayan

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    Exercise (Week 10 - Tutorial)

    You are tasked with conducting a quantitative risk assessment for a local software
    developing organization. Key information about the organization is given and you shall
    use the provided data tables for your calculations. Calculate SLE, ALE and propose
    countermeasures for each scenario. Calculate countermeasure cost/benefit analysis by
    calculating the difference between the ALE prior to implementing the countermeasure
    to the ALE after implementing the countermeasures.
    In each section you can introduce your suggestions (assets, risk factors & threat
    scenarios)
    Note: Each team will get different answers for latter calculations. Why? Clearly state
    your assumptions.

    Part 1
    TechnoCode Pvt Ltd. is a small software developing company. An initial evaluation was
    done to identify critical assets of the organization along with their values.

     Customer Information Server - Rs. 350,000/=


     Software Developing Platform Server - Rs. 750,000/=
     Middleware Platform (Software) with licensed OS - Rs. 800,000/=
     Patented Software Design Blueprints - Rs. 1,000,000/=
     Senior Software Developer (Team Leader) - Rs. ……………………………
     ……………………………………………………………………………………………………….
     ……………………………………………………………………………………………………….

    A vulnerability study has indicated that the following 5 are the top risk factors.

     DoS Attack for Servers


     Virus Attacks for Software
     Intellectual Property Theft
     ………………………………………..
     ………………………………………..
     ………………………………………..
    Data Table
    Following information is extracted from various security sources.
    Risk/Threat Scenario Source ARO Exposure Factor
    Denial of Service CSI 0.4 22%
    Virus Infection Symantec 0.28 15%
    Theft of Intellectual CSI 0.20 8%
    Property

    Part 2
     Calculate SLE for each Threat Scenario
     Calculate ALE for each Threat Scenario
     Suggest Suitable Countermeasures for each threat
     Conduct the Safeguard Cost/Benefit Analysis
     Suggest implementation of countermeasures according to their priority & ROI

    Note: You may use SANS guide to Quantitative Analysis white-paper for reference

    Discuss your results with your colleagues. How can we incorporate


    these findings to a qualitative analysis?

    You might also like