
Question


Can anyone please help me with solving this Quantitative risk assessment?

Risk assessment scenario:

  • Over the 5 years that you have been in business, your organization has accumulated 10,000 customer records that form the basis of your ongoing sales and service business. Repeat business through customer loyalty accounts for 10% of your current annual revenue of $2 million. Your sales staff of 8 representatives spends most of the time on the road, following up new leads or attending to repeat orders from existing customers.
  • Your industry body has determined that the threats to businesses in your sector are currently those shown in the table below. Your network of industry acquaintances has expressed surprise that you still allow your sales staff to carry around your client list on unprotected laptops that are taken to restaurants, left in cars or dumped on the living room table at home. CyGuard software (or similar) to encrypt the client contact list and any other sensitive data on a laptop is used by many companies in your industry. A guard 10 license pack costs $8,000 per annum, which seems a bit expensive, but it includes automatic updates and other features that don't concern us here.
  • The chance that you will lose at least one laptop from your organization in any one year is estimated by your industry body at 0.47, or nearly 1 chance in 2. The fact that you have not lost any yet is probably due more to good luck than good management.
  • Your accountant, on the other hand, has advised you that the chance, in the long run, of fraud being conducted by one or more of your employees is real, and has recommended that you put in place some background auditing software that can alert you to narrow or negative margins in some of your key financial indicators. This add-on to your office financial system costs an initial $2,200 in the first year and an ongoing annual support and upgrade fee of the same amount.
  • The average loss in your industry from fraud, when it occurs, is reported to be on average $14,000 per $1m of revenue. The probability that it will happen to you in any given year is about 0.09 or slightly less than 1 in 10.
  • For the purpose of this exercise, you may assume that due to the covid crisis and its aftermath, there is no growth occurring in your revenue at this time, and that this has been an unfortunate ongoing trend for some time. Also, assume that there is no annual growth in your customer base. Assume also that if your customer records get out, your competitors will swoop and you will lose all repeat business.

Q1.1 Your task is to determine, by performing the appropriate calculations, the cost-benefit of following the advice of your industry colleagues and your accountant by installing protection on the laptops and your office financial system as suggested. Assume that the controls are 100% effective in reducing the risk if they are installed.

Be quite clear in your recommendation as to whether the expense should be incurred or not in each case.

Q1.2 If the residual risk in both instances after the control was installed was 25% of the initial exposure, would it still be worthwhile installing the controls? Show your workings.

| Type of Misuse or Attack | Year: 2009, % occurrence |
|---|---|
| Virus | 65% |
| Laptop theft | 47% |
| Insider abuse of Net access | 42% |
| Unauthorised access to info | 32% |
| Denial of service | 25% |
| System penetration | 15% |
| Abuse of Wireless connection | 14% |
| Theft of IP | 9% |
| Financial fraud | 9% |
| Telecommunications fraud | 8% |
| Misuse of public Web applications | 6% |
| Web site defacement | 6% |
| Sabotage | 3% |

Some formulae

  • SLE: single loss expectancy
  • ARO: annualised rate of occurrence
  • ALE: annualised loss expectancy
  • CC: cost of controls
  • ROSI: return on security investment

ALE = SLE x ARO

ROSI = (ALEbefore ALEafter) CC
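
A worked calculation for the scenario above, added here as an example and not part of the original question or its answer. It assumes the single loss for a lost laptop is one year of repeat business, and it reads ROSI as net annual benefit, (ALEbefore - ALEafter) - CC, because the operators in the formula above are not legible; `Risk`, `assess` and `breakeven_residual` are names made up for this example.

```python
from dataclasses import dataclass

ANNUAL_REVENUE = 2_000_000      # scenario: current annual revenue ($)


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float                  # single loss expectancy ($)
    aro: float                  # annualised rate of occurrence
    cc: float                   # annual cost of the control ($)

    @property
    def ale_before(self) -> float:
        return self.sle * self.aro              # ALE = SLE x ARO

    def assess(self, residual: float = 0.0) -> dict:
        """Evaluate the control; residual is the fraction of ALE that remains."""
        if not 0.0 <= residual <= 1.0:
            raise ValueError("residual must be in [0, 1]")
        ale_after = self.ale_before * residual
        # ASSUMPTION: ROSI taken as net annual benefit (ALE reduction minus CC).
        rosi = self.ale_before - ale_after - self.cc
        return {
            "ale_before": round(self.ale_before, 2),
            "ale_after": round(ale_after, 2),
            "rosi": round(rosi, 2),
            "install": rosi > 0,
        }

    def breakeven_residual(self) -> float:
        """Largest residual fraction at which the control still pays for itself."""
        return max(0.0, 1.0 - self.cc / self.ale_before)


# ASSUMPTION: SLE for laptop loss = one year of repeat business (10% of revenue).
LAPTOP = Risk("laptop loss", sle=0.10 * ANNUAL_REVENUE, aro=0.47, cc=8_000)
# Scenario: fraud loss is $14,000 per $1m of revenue.
FRAUD = Risk("employee fraud", sle=14_000 * ANNUAL_REVENUE / 1_000_000,
             aro=0.09, cc=2_200)

if __name__ == "__main__":
    for risk in (LAPTOP, FRAUD):
        for residual in (0.0, 0.25):            # Q1.1 and Q1.2
            print(risk.name, f"residual={residual:.0%}", risk.assess(residual))
        print(risk.name, f"break-even residual={risk.breakeven_residual():.1%}")
```

Under these assumptions the laptop encryption pays for itself at either residual level, while the fraud auditing add-on only does so while the residual risk stays below roughly 12.7% of the initial exposure.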
