Explain in Your Own Words What is Meant by the Terms Sweet Spot and Discretionary Area


 

Task

1. For this question you are required to make at least two (2) forum postings, arguing either for or against the quantitative method of risk assessment. You will be assessed on what you contribute to the debate in terms of quality, not quantity (though your posting should at a minimum be a few sentences long). You may either create a new thread or reply to a previous posting. All new threads should contain the subject line “Quantitative Debate”.

 

2. Study Exhibits 61.1 and 61.2 from Reading 3, and answer the following questions:

(a) Explain in your own words what is meant by the terms Sweet Spot and Discretionary Area (see Exhibit 61.1)

(b) Explain the significance of a security decision that is located to the right of the Sweet Spot but outside the Discretionary Area (see Exhibit 61.1).

(c) Explain the significance of a security decision that is located to the left of the Sweet Spot but still inside the Discretionary Area (see Exhibit 61.1).

(d) Explain why you think the Defined Highest Acceptable Risk is located on the Sweet Spot, but the Defined Lowest Acceptable Risk is located to the right of the Sweet Spot (see Exhibit 61.2).

 

3. In Reading 7 for this subject, Ozier states that ‘The [ALE] algorithm cannot distinguish effectively between low frequency/high-impact threats (such as ‘fire’) and high-frequency/low impact threats (such as ‘misuse of resources’).’ Explain why this is the case. Give an appropriate example to illustrate your explanation.

 

4. (Note: Make sure you show ALL your working for this question)
The following threat statistics have been gathered by a risk manager. Based on these, calculate the ALE for each threat.

| Threat | Cost per incident | Occurrence frequency |
|---|---|---|
| Software piracy | $600 | 1 per month |
| Computer virus/worm | $2000 | 1 per month |
| Information theft (hacker) | $3500 | 1 per 3 months |
| Information theft (employee) | $6000 | 1 per 4 months |
| Denial of service attack | $11000 | 1 per 2 years |
| Laptop theft | $4000 | 1 per 5 years |
| Web defacement | $1500 | 1 per 2 years |
| Fire | $500,000 | 1 per 10 years |
| Flood | $300,000 | 1 per 15 years |

 

5. (Note: Make sure you show ALL your working for this question)
Using the figures you calculated above, determine the relative ROSI (return on security investment) for each of the same threats with the following controls in place. Remember that a single control may affect more than one threat, and you need to take this into account when calculating the ROSI. Based on your calculations, which controls should be purchased? 

| Threat | Cost per incident | Occurrence frequency | Control | Yearly cost of control |
|---|---|---|---|---|
| Software piracy | $500 | 1 per 4 months | Anti-piracy protection hardware | $15,000 |
| Computer virus/worm | $1300 | 1 per 5 months | Antivirus | $5,000 |
| Information theft (hacker) | $2000 | 1 per 6 months | IDS | $30,000 |
| Information theft (employee) | $7000 | 1 per 18 months | Access controls | $10,000 |
| Denial of service attack | $4000 | 1 per 10 years | Firewall | $15,000 |
| Laptop theft | $5000 | 1 per 10 years | Physical security | $25,000 |
| Web defacement | $1500 | 1 per 5 years | Firewall | $15,000 |
| Fire | $75,000 | 1 per 10 years | Insurance2 | $15,000 |
| Flood | $50,000 | 1 per 15 years | Insurance | $30,000 |
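The ALE and per-control ROSI working for four rows of the two tables above, as an added example that is not part of the original assignment. It assumes ALE = cost per incident × yearly frequency and ROSI = (ALE reduction − yearly control cost) ÷ yearly control cost; the page states neither formula, and the function names are hypothetical. The firewall's cost is counted once although it covers two threats.

```python
import re
from collections import defaultdict
from fractions import Fraction

# (threat, cost before, frequency before, cost after, frequency after,
#  control, yearly control cost) -- four rows copied from the two tables.
ROWS = [
    ("Software piracy", 600, "1 per month", 500, "1 per 4 months",
     "Anti-piracy protection hardware", 15000),
    ("Computer virus/worm", 2000, "1 per month", 1300, "1 per 5 months",
     "Antivirus", 5000),
    ("Denial of service attack", 11000, "1 per 2 years", 4000,
     "1 per 10 years", "Firewall", 15000),
    ("Web defacement", 1500, "1 per 2 years", 1500, "1 per 5 years",
     "Firewall", 15000),
]

def annual_rate(text):
    """Convert '1 per 4 months' or '1 per 2 years' to occurrences per year."""
    m = re.fullmatch(r"(\d+) per (\d+)? ?(month|year)s?", text.strip())
    if not m:
        raise ValueError(f"unrecognised frequency: {text!r}")
    count, span, unit = int(m.group(1)), int(m.group(2) or 1), m.group(3)
    return Fraction(count * (12 if unit == "month" else 1), span)

def ale(cost, freq):
    """Annualised loss expectancy (assumed formula: cost x yearly rate)."""
    return cost * annual_rate(freq)

def rosi_by_control(rows):
    """Sum the ALE reduction over every threat a control touches, then
    apply the assumed ROSI formula with the control's cost counted once."""
    reduction, cost = defaultdict(Fraction), {}
    for _threat, c0, f0, c1, f1, control, yearly in rows:
        reduction[control] += ale(c0, f0) - ale(c1, f1)
        cost[control] = yearly  # same control on several rows: one purchase
    return {c: (reduction[c] - cost[c]) / cost[c] for c in cost}

if __name__ == "__main__":
    for control, rosi in rosi_by_control(ROWS).items():
        print(f"{control}: ROSI = {float(rosi):.2%}")
```

Exact fractions keep frequencies such as "1 per 5 months" (2.4 per year) from picking up floating-point error before the final percentage is printed.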

 

6. Consider the data in the two tables that appear in questions 4 and 5 above. Sometimes a control may affect the cost per incident and sometimes the occurrence frequency, and sometimes both. Why is this the case? Illustrate your answer with an example drawn from the data provided.

7. The year is 1999 and you are the risk manager for a large financial institution. You apply the Jacobson’s Window model (Reading 11) to determine your company’s preferred response to the impending Y2K bug. According to the model, should you accept, mitigate, or transfer the Y2K risk? Why? Do you agree with the model’s recommendations? Why or why not?

 

8. (Note: Make sure you show ALL your working for this question)
You want to persuade management to invest in an automated patching system. You estimate the costs and benefits over the next five years as follows:

| | Year 1 | Year 2 | Year 3 | Year 4 | Year 5 |
|---|---|---|---|---|---|
| Benefits | $2,000 | $2,500 | $4,000 | $4,000 | $4,000 |
| Costs | $3000 | $2000 | $750 | $250 | $250 |

Calculate the Net Present Value (NPV) for this investment. Assuming that management has set the Required Rate of Return at 10%, should the investment be made? Why or why not?

 

9. There are a number of qualitative risk assessment models available for use, such as FRAP, OCTAVE, OWASP and CRAMM. Choose one of these models and briefly describe how risk assessment is conducted under this model. Describe an example situation where you could use this selected model. Give your assessment of the validity, or otherwise, of this risk assessment model.
 
 
