11. Quantitative risk Analysis: Assessment of risk and vulnerability, determination of value ofassets which are under risk, assessment of historical actions of the company, estimation ofAnnual rate of Occurrence (ARO) for each factor, determination of measures for overcomingevery risk factor, determine Annual Loss Expectancy (ALE) for every risk factor, cost benefitanalysis need to be done before and after applying countermeasures, on the basis of ALE andcost benefit analysis, determine ROI, finally present results to management in summarized form(Kaplan, S., & Garrick, B. J. 1981).ARO = frequency of occurrence of a threat in a year. Threat occurring once a year has ARO of0.1.ALE = Single Loss Expectancy x Annualized Rate of Occurrence.Safeguard Cost/Benefit Analysis = (ALE before implementing safeguard) – (ALE afterimplementing safeguard) – (annual cost of safeguard (which is value of safeguard))Qualitative Risk Analysis: Various processes that can be used for qualitative risk analysis areinterviewing- where a set of structured questions are answered by experts, brainstorming- forgenerating a large number of ideas in less time and expert elicitation- where expert judges thecharacteristics of uncertainty.2. Vulnerability refers to weakness which can be exploited by threats. The threat is thepossibility of occurrence of the harmful incident. A threat agent is entities who intentionally seekexhibit a threat. Risk refers to the possibility of damage, destruction, and loss of assets. Exposureis referred in monetary terms that can be lost in the form of investment. Controls refer toprocedures and policies used to manage, track and report financial resources (Vose, D. 2008).
Found this document preview useful?
Security Risk Analysis and Management: A Comprehensive Guidelg...
Assignment Information Security Hitches in Te Mata Estatelg...
Qualitative and Quantitative Assessment of Riskslg...
Report on Risk Management Analysislg...
Risk Management for Software Design - Deskliblg...