CIS 608 Logo

CIS 608 Logo
CIS 608 - Information Security Management

Thursday, October 27, 2011

Post 048 - CIS 608




Assignment 9.2 - Calculating the Cost Benefit Analysis after Applying Information Security Controls

The table image above shows the exercise we did to calculate the Cost Benefit Analysis after applying Information Security.

It is based on determining two sets of Annual Loss Expectancy (ALE).

The first ALE is before the application of information security controls.

The second ALE is after the application of information security controls.

ALE is based on this calculation:

SLE * ARO = ALE

Where:
SLE is the Single Loss Expectancy for an incident
ARO is the Annualized Rate of Occurrence (Example 1 incident per month would be an ARO of 12.)
ALE = Annual Loss Expectancy


Reference:

Whitman, M. E and Mattord, H. J. (2010). Management of Information Security, third edition. Indianapolis, IN: Course Technology.

No comments:

Post a Comment