Assignment 9.2 - Calculating the Cost Benefit Analysis after Applying Information Security Controls
The table image above shows the exercise we did to calculate the Cost Benefit Analysis after applying Information Security.
It is based on determining two sets of Annual Loss Expectancy (ALE).
The first ALE is before the application of information security controls.
The second ALE is after the application of information security controls.
ALE is based on this calculation:
ALE is based on this calculation:
SLE * ARO = ALE
Where:
SLE is the Single Loss Expectancy for an incident
ARO is the Annualized Rate of Occurrence (Example 1 incident per month would be an ARO of 12.)
ALE = Annual Loss Expectancy
Reference:
Whitman, M. E and Mattord, H. J. (2010). Management of Information Security, third edition. Indianapolis, IN: Course Technology.
No comments:
Post a Comment