Cost benefit analysis (cba)-information security, Computer Network Security

Cost Benefit Analysis (CBA)

The common approach for information security controls is economic feasibility of implementation. CBA is begun by evaluating the worth of assets which are to be protected and the loss in value if those assets are compromised. The formal manner to document this is called as cost benefit analysis or economic feasibility study. Items which impact cost of a control or safeguard include: cost of development; implementation cost; service costs; training fees; cost of maintenance.

Benefit is the value an organization realizes by using controls to avoid losses associated with vulnerability. Asset valuation is the process of assigning financial value or worth to every information asset; there are several components to asset valuation.

Once worth of various assets is anticipated, potential loss from exploitation of vulnerability is examined. Process results in approximation of potential loss per risk. Expected loss per risk stated in equation given below:

Annualized loss expectancy (ALE) equals Single loss expectancy (SLE) TIMES Annualized rate of occurrence (ARO),Here SLE is equal to asset value times exposure factor (that is EF).

Posted Date: 10/9/2012 2:22:44 AM | Location : United States







Related Discussions:- Cost benefit analysis (cba)-information security, Assignment Help, Ask Question on Cost benefit analysis (cba)-information security, Get Answer, Expert's Help, Cost benefit analysis (cba)-information security Discussions

Write discussion on Cost benefit analysis (cba)-information security
Your posts are moderated
Related Questions
Question : a) Below is a capture of an Ethernet II frame which contains an IPv4 packet and a TCP segment. Give the source MAC address for the frame in hexadecimal; the source I

Question 1: (a) Define Artificial Intelligence. (b) Briefly describe the categories for the definition of Artificial Intelligence. (c) Identify the four basic types of

802.11 WIRELESS LANs AND CSMA/CA:  IEEE 802.11 is standard wireless LAN that needs radio signals at 2.4GHz. Its speed is 11Mbps. The older computers use radio signals at data

IPV6 NEXT HEADER It is given in the figure below:

CSMA/CA Wireless needs collision avoid ness rather than collision checking. Transmitting computer puts very short codes to receiver. Receiver responds with short message getti

Risk Identification Risk management comprises of identifying, classifying and prioritizing organization’s information assets, threats and vulnerabilities also. Risk Identificati

Secure a Wireless Network WIRELES Most online retailers provide some type of privacy statement. Many statements are long, and appear in small print, and many appear to be simi

Simplex data exchange Simplex communication defines to communication that happens in one direction only. Two definitions have made over time: a common definition, which is des

Belady's Anomaly Also known FIFO anomaly. Generally, on raising the number of frames given to a process' virtual storage, the program execution is faster, because lesser page

Network Virtual Terminal It is a set of principles describing a very simple virtual terminal interaction. The NVT is needed in the start of a Telnet session. Communication wit