*CYBERSECURITY*

Suppose Digital International has a new cloud migration project. The Chief Transformation Officer (CTO) wants to understand how to manage security risks in the organisation. In your role, using the following table, answer the following questions:

- Calculate Annualised Rate of Occurrence (ARO) and Single Loss Expectancy (SLE) for each threat category in the cloud transformation project.

Threat Category	Frequency of Occurrence	Annual Loss Expectancy (ALE)
Human Error	1 per month	$48,000
Inadequate Privilged Access Management	1 per year	$400,000
Lack of Secure Coding	1 per 6 months	$200,000
Denial of Service Attack (DoS/DDoS)	2 per quarter	$300,000
Unavailability of cloud	1 per 10 year	$100,000

- Assume that a year has passed, and Digital International has improved security by applying several controls. Using the information from the question above and the following table, calculate the post-control ARO and ALE for each threat category listed

- How much ALE ($ value) will Digital International prevent after the implementation of controls?

Threat Category	Frequency of Occurrence	Cost of Control	Control
Human Error	1 per qaurter	$10,000	Training
Inadequate Privilged Access Management	1 per 2 years	$100,000	Privlged Access Reviews and Automation
Lack of Secure Coding	1 per2 years	$75,000	Secure code scanning tools
Denial of Service Attack (DoS/DDoS)	1 per 6 months	$100,000	DDoS protection Firewall
Unavailability of cloud	1 per 20 year	$50,000	Increasing cloud availability zones