An organization determines that the probability of unauthorized access to a database that contains personally identifiable information (PII) about its clients and employees is 5% in a year. The total estimate of the loss due to this exposure is estimated to be 5 million dollars. This includes losses resulting from loss of reputation, business operations, fines imposed by FCC, legal fees.

After consulting with a security firm, a product was identified that could implement stronger access control and that could allow security administrator to track such an unauthorized access. The total cost of the product is $500,000, plus $10,000/year for maintenance. The product should work well for next five years. It is estimated that, if implemented, it will protect from 90% of all such attacks.

We want to know whether the organization should purchase this product.

What is the Single Loss Expectancy (SLE)? $ (Please enter digits only)

What is the Annualized Rate of Occurrence (ARO)? %

What is the calculated Annualized Loss Expectancy (ALE)? $ (Please enter digits only)

What would be the ARO if the countermeasure is implemented? %

What would be the corresponding ALE? $ (Please enter digits only)

What is the countermeasure cost for a year? $ (Please enter digits only)

Should the organization purchase this product? (Please enter Yes or No)