Cost benefit analysis (cba)-information security, Computer Network Security

Cost Benefit Analysis (CBA)

The common approach for evaluating information security controls is the economic feasibility of implementation. CBA begins by evaluating the worth of the assets to be protected and the loss in value if those assets are compromised. The formal way to document this is called a cost benefit analysis or economic feasibility study. Items that affect the cost of a control or safeguard include: cost of development; implementation cost; service costs; training fees; cost of maintenance.

Benefit is the value an organization realizes by using controls to avoid losses associated with a vulnerability. Asset valuation is the process of assigning a financial value or worth to every information asset; there are several components to asset valuation.

Once the worth of the various assets has been estimated, the potential loss from exploitation of a vulnerability is examined. This process results in an approximation of the potential loss per risk. The expected loss per risk is stated in the equation given below:

Annualized loss expectancy (ALE) = Single loss expectancy (SLE) × Annualized rate of occurrence (ARO)

Here SLE = asset value × exposure factor (EF).
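The calculation above, carried through for one risk with and without a control, as an added example that is not part of the original page. The asset, figures and the `net_benefit` comparison (ALE without the control, minus ALE with it, minus the control's annual cost) are assumptions chosen for illustration; the page itself only gives the ALE and SLE equations and the list of cost items.

```python
from dataclasses import dataclass

# Cost items the page lists for a control or safeguard.
COST_ITEMS = ("development", "implementation", "service", "training", "maintenance")


@dataclass
class Risk:
    name: str
    asset_value: float      # financial value assigned to the asset
    exposure_factor: float  # EF: fraction of asset value lost per incident
    aro: float              # ARO: expected incidents per year

    def sle(self) -> float:
        """Single loss expectancy = asset value x exposure factor."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO must be non-negative")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle() * self.aro


def annual_control_cost(costs: dict) -> float:
    """Sum the cost items; figures are assumed to be already annualized."""
    unknown = set(costs) - set(COST_ITEMS)
    if unknown:
        raise ValueError(f"unexpected cost items: {sorted(unknown)}")
    return sum(costs.values())


def net_benefit(before: Risk, after: Risk, costs: dict) -> float:
    """ASSUMPTION (not on the page): loss avoided minus annual control cost."""
    return before.ale() - after.ale() - annual_control_cost(costs)


# Constructed sample data: same asset, the control lowers ARO from 0.5 to 0.125.
BEFORE = Risk("customer database compromise", 200_000, 0.25, 0.5)
AFTER = Risk("customer database compromise", 200_000, 0.25, 0.125)
COSTS = {"development": 2_000, "implementation": 3_000, "service": 1_000,
         "training": 1_500, "maintenance": 2_500}

if __name__ == "__main__":
    print(f"SLE: {BEFORE.sle():,.0f}")
    print(f"ALE without control: {BEFORE.ale():,.0f}")
    print(f"ALE with control:    {AFTER.ale():,.0f}")
    print(f"Annual control cost: {annual_control_cost(COSTS):,.0f}")
    print(f"Net benefit:         {net_benefit(BEFORE, AFTER, COSTS):,.0f}")
```

A positive net benefit means the control avoids more expected loss per year than it costs; a negative one means it is not economically feasible under these estimates.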

Posted Date: 10/9/2012 2:22:44 AM | Location : United States






