InstructionsAs a key step in developing the risk management plan, a company has conducted a quantitative risk assessment based on monetary values. Specifically, the company has identified twelve major threat categories and assessed each threat's monetary impact using quantitative metrics. The table below demonstrates partial information about these calculations.Threat categorySLERate of frequencyAROALE$1.$ Internal hardware failure$$5,0001$ per week $2.$ DDoS attack$$75,0001$ per year $3.$ Phishing attack$$5001$ per week $4.$ City$-$wide power outage$$2,5001$ per quarter $5.$ Employee vandalism$$5,0001$ per $6$ months $6.$ Brute$-$force attack$$5001$ per month $7.$ Data manipulation$$5,0001$ per year $8.$ Ransomware$$1,5001$ per week $9.$ Eavesdropping$$2,5001$ per quarter $10.$ Tornado$$250,0001$ per $20$ years $1.$ Based on the information provided in the table, calculate and report the AROs and ALEs. Fill in the table. $2.$ Assuming that the asset value related to threat category #$10$ is $$1,000,000,$ what would be the expected exposure factor percentage used to calculate the SLE given in the table above? $3.$ After investing in a next$-$generation firewall $($NGFW$)$ as a risk control, the rate of frequency for threat category #$8$ has reduced to one every six months. What will be the adjusted ALE for this threat category? $4.$ How can this company use the ALEs calculated in the table above for risk management? In other words, what insights can the company draw from these values? Explain it in one paragraph. $5.$ Using the following formula to perform a cost$-$benefit analysis $($CBA$),$ the company is calculating whether investing in this risk control technology $($NGFW$),$ which costs $$6,000$ annually, is cost$-$effective to mitigate the attack. A positive CBA number indicates a cost$-$effective investment, and a negative number indicates a poor investment.CBA $=$ ALE$($pre$-$control$)$ ALE$($post$-$control$)$ ACSWhere, ALE $($pre$-$control$)=$ the annualized loss expectancy of the risk before the implementation of the risk control ALE $($post$-$control$)=$ the ALE examined after the risk control has been in place for a period of time Annual Cost $($ACS$)=$ the annual cost of the risk controlBased on the formula, what is the CBA in this scenario? Is it cost$-$effective for the company to invest in this security technology? Explain your reasoning.