Tuesday, January 17, 2017

Risk Assessment

In order to calculate the risks for a company properly, you should use the following formula; SLE x ARO = ALE.  I will start by explaining what each acronym is for, SLE (single loss expectancy) which represents how much the company could expect to lose at any one point in time.  SLE can be divided into two portions, AV (asset value) and EF (exposure factor).  ARO (annualized rate of occurrence) is the possibility of which an event could happen within the next year by checking the history of the company.  ALE (annual loss expectancy) this measures the amount a company could expect to lose within a year's time.  Once you have been able to calculate the possible risks for a company it then allows you to be able to plan accordingly. 
For example, if a small company that generates $5,000 a day, did not have any backup system in place on their server and they were suddenly infected by a virus that damaged all their data.  The likelihood of a virus infecting the server within a year was estimated about 0.15 percent.  Every piece of the data loss could be recreated within 6 hours, for a cost of $1,000 the formula would be.  The SLE would be $31,000 ($5,000 x 6 + $1,000), and the ARO is 0.15.  Therefore, the ALE would be $4,650.
After a risk assessment, has been completed, there are a total of five probable actions you can take.  The first being risk avoidance, which would involve avoiding any possible actions that could be associated with the risk at hand.  The second is risk transference, which is basically purchasing an insurance plan to help with the cost if it were to happen.  The third is risk mitigation; this would be taking the necessary actions to reduce the possibility of risk. 
The fourth is risk deterrence, which would require gathering information about the attacker and acting against them such as policies.  The fifth is risk acceptance, which is a choice the company must come to decision when the cost is too high to implement any others and therefore accepts any possible risk or damage.
References:
Dulaney, E., & Easttom, C. (2014). CompTIA Security+ Study Guide, Sixth Edition. Indianapolis: John Wiley & Sons,.
Grimes, R. A. (2013, 03 19). The 5 cloud risks you have to stop ignoring. Retrieved 11 13, 2016, from Info World: http://www.infoworld.com/article/2614369/security/the-5-cloud-risks-you-have-to-stop-ignoring.html
Guide for Conducting Risk Assessments. (2012, September). National Institute of Standard and Technology. Gaithersburg, MD, USA: U.S. Department of Commerce.

Perspectives, I. (2015, 03 09). Virtualization and Security: Overcoming the Risks. Retrieved 11 13, 2016, from Data Center Knowledge: http://www.datacenterknowledge.com/archives/2015/03/09/virtualization-security-overcoming-risks/




at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Binary Conversions

The conversion of numbers is common in mathematics and has been used for many generations.   During the creation of computers number co...

  • Internet of Things
    The IoT (Internet of Things) may not technically be what it sounds like the first time someone thinks about it.   Honestly, the IoT is ...
  • Encryption Methods
    Data Protection Algorithm Strength Use DES Insecure Government used in the 1970...
  • Risk Assessment
    In order to calculate the risks for a company properly, you should use the following formula; SLE x ARO = ALE.  I will start by explaining ...