Risk Assessment

Suppose XYZ Software Company has a new application development project with projected revenues of $1.2 million. Using the following table, calculate the ARO and ALE for each threat category the company faces for this project. The first one is done for you.

| Threat Category | Cost per incident (SLE) | Frequency of occurrence | ARO | ALE |
|---|---|---|---|---|
| Programmer mistakes | $5,000 | 1 per week | 52.0 | $260,000 |
| Loss of intellectual property | $75,000 | 1 per year | | |
| Software piracy | $500 | 1 per week | | |
| Theft of information (Hacker) | $2,500 | 1 per quarter | | |
| Theft of information (employee) | $5,000 | 1 per 6 months | | |
| Web defacement | $500 | 1 per month | | |
| Theft of equipment | $5,000 | 1 per year | | |
| Viruses, worms, Trojan horses | $1,500 | 1 per week | | |
| Denial-of-service attacks | $2,500 | 1 per quarter | | |
| Earthquake | $250,000 | 1 per 20 years | | |
| Flood | $250,000 | 1 per 10 years | | |
| Fire | $500,000 | 1 per 10 years | | |
ARO – In cost-benefit analysis, the expected frequency of an attack, expressed on a per-year basis.

ALE – In cost-benefit analysis, the product of the annualized rate of occurrence and a single loss expectancy.
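
The two definitions above can be applied mechanically to a threat register. The following Python sketch is an added example, not part of the original exercise: it parses frequency phrases in the table's "N per [M] unit" form into an ARO, multiplies by the SLE to get the ALE, and ranks threats by ALE. It assumes 52 weeks per year (matching the worked row); the function names and the two "Constructed threat" rows are made up for illustration.

```python
import re
from fractions import Fraction

# Periods per year for each unit used in the frequency phrases.
# Assumption: 52 weeks per year, as in the table's worked row (ARO 52.0).
PERIODS_PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "year": 1}

_FREQ = re.compile(
    r"^\s*(\d+)\s+per\s+(?:(\d+)\s+)?(week|month|quarter|year)s?\s*$", re.I
)

def aro(frequency: str) -> Fraction:
    """Convert a phrase such as '1 per 6 months' to occurrences per year."""
    m = _FREQ.match(frequency)
    if not m:
        raise ValueError(f"unrecognized frequency: {frequency!r}")
    count = int(m.group(1))
    span = int(m.group(2) or 1)          # '1 per week' means a span of 1
    if span == 0:
        raise ValueError("period length must be non-zero")
    # Exact fractions avoid rounding for rare events (e.g. 1/20 per year).
    return Fraction(count * PERIODS_PER_YEAR[m.group(3).lower()], span)

def ale(sle: int, frequency: str) -> Fraction:
    """ALE = SLE x ARO, in the same currency unit as the SLE."""
    return sle * aro(frequency)

def rank(threats):
    """Return (name, ARO, ALE) tuples sorted by ALE, largest first."""
    rows = [(name, aro(freq), ale(sle, freq)) for name, sle, freq in threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)

SAMPLE = [
    ("Programmer mistakes", 5000, "1 per week"),         # worked row from the table
    ("Constructed threat A", 40000, "1 per 6 months"),   # constructed sample
    ("Constructed threat B", 900000, "1 per 20 years"),  # constructed sample
]

if __name__ == "__main__":
    for name, rate, loss in rank(SAMPLE):
        print(f"{name:22} ARO={float(rate):6.2f}  ALE=${float(loss):,.0f}")
```

Note how the rare, expensive event ranks below the frequent, cheap one once both are annualized, which is the comparison the ALE column exists to make.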