Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Both types -- qualitative and quantitative -- have their advantages and disadvantages. One of the most well-known of the quantitative risk metrics is that that deals with calculation of annual loss expectancy (ALE) (Bojanc & Jerman-Blazoc, 2008). ALE calculation determines the monetary loss associated form a single occurrence of the risk (popularly known as the single loss exposure (SLE)). The SLE is a monetary amount that is assigned to a single event that represents the amount that the organizations will potentiality lose when threatened. For intangible assets, this amount can be quite difficult to assess.
The SLE is calculated by multiplying the monetary value of the asset (AV) with the exposure factor (EF). The EF represents the percentage of loss that a threat can have on a particular asset. The equation, therefore, is thus: SLE=AV*EF. Applying this practically, if the AV of an e-commerce web server is $50,000 and a virus infection caused a loss of 35%, the SLE, in this case, would result in $17, 500.
Once the SLE has...
If nothing is done to mitigate it. The calculation to determine that is ALE= SLE*ARO.
According to Bojanc and Jerman-Blazoc (2008), calculating estimations for SLE or ARO is exceedingly difficult as very few companies track and report risks hence little actuarial data is available. Independent surveys, insurance claim data, or academic research provides the most reliable information.
Reference
Bojanc, R. & Jerman-Blazoc, B. (2008), An economic modelling approach to information security risk management. International Journal of Information Management 28 (2008) 413 -- 422
Chowdhary, A., & Mezzeapelle, M.A. (n.d.) Inforamtion Security metrics. Hewlett Packard.
Pedro, G.L., & Ashutosh, S. (2010). An approach to quantitatively measure Information security 3rd India Software Engineering Conference, Mysore, 25-27
Reference
Bojanc, R. & Jerman-Blazoc, B. (2008), An economic modelling approach to information security risk management. International Journal of Information Management 28 (2008) 413 -- 422
Chowdhary, A., & Mezzeapelle, M.A. (n.d.) Inforamtion Security metrics. Hewlett Packard.
Pedro, G.L., & Ashutosh, S. (2010). An approach to quantitatively measure Information security 3rd India Software Engineering Conference, Mysore, 25-27
Security Breaching in healthcareHow serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?Data breaches are regarded as severe violations of privacy and security. For HIPAA violations, the county prosecutor has the right to file legal actions on the representation of the individuals. When they were informed of the breach, the Kaiser Permanente leadership immediately investigated
VA Security Breach The Veteran's Affairs department has had several notable security breeches in recent years. In one 2006 incident, patient data was downloaded onto an unsecured laptop and stolen. Patient records at the VA were unencrypted at the time. "If data is properly encrypted there is no data breach. The device can be stolen but no data can be accessed" because the thief lacks the 'key' to decode the data
How serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?The e-mail security breach by the KP online Pharmacy was grave because it violated various HIPPA and State laws that protect patients from health information disclosure without prior consent. Moreover, such a breach of confidential and private information could cause harm and affect the patients' dignity.
Internet Risk and Cybercrime at the U.S. Department of Veterans Affairs Internet Risk Cybercrime Today, the mission of the U.S. Department of Veterans Affairs (VA) as taken from President Lincoln's second inaugural address is, "To care for him who shall have borne the battle, and for his widow, and his orphan." To this end, this cabinet-level organization provides healthcare services through the Veterans Health Administration (VHA) to nine million veteran patients each year.
Network Security Controls and Issues The many challenges of network security can be understood by realizing who needs access to the network itself. Access to secure networks should be accompanied by a certain need or reason by a person who has the authority to view, manipulate or reproduce information and data contained within that network. Access problems arise when there are no clear boundaries or guidelines as to who should have
Breach of Faith Over the course of twenty-two years, from 1979 to 2001, Robert Hanssen participated in what is possibly the most severe breach of national intelligence in the United States' history. Through a combination of skill and sheer luck, Hanssen was able to pass critical information from his job at the FBI to Soviet and later Russian intelligence agencies, information that may have contributed to the capture and execution of