Part $2$: Risk Control and Cost Benefit Analysis $($CLO$2)$:

You are assigned the task to analyze the following scenarios and answer the questions at the end:

$$ Case #$1$ Data Breach:

$$ The CYZ faces the risk of a cybersecurity breach because of chatbot on its website that could result in data breach and severe financial consequences.

$$ It is expected that frequency with which the data breach can occur once in $7$ weeks.

$$ Each breach can cost up to $$25,000.$

$$ The organization has implemented security control costing $$100,000$ annually with an effectiveness of $80\%.$

$$ The confidence of the company that this security control will fix the vulnerability is $90\%.$

$$ The likelihood of a breach occurring in a year is $55\%$ with potential impact is $80.$

$$ Case #$2$ Equipment Failure:

$$ The CYZ also faces the risk of its data storage failure, leading to downtime and repair costs.

$$ The potential impact of equipment failure is estimated at $1.$

$$ The likelihood of equipment failure in a year is $60\%.$

$$ The organization has implemented preventive maintenance measures with an effectiveness of $40\%.$

$$ The equipment failure is expected to occur at least twice per year.

$$ Each incident can cost up to $$50,000.$

$$ Case #$3$ Earthquake preparedness:

$$ One hospital branch is located in a seismic activity$-$prone region, and the risk of earthquake$-$induced disruptions to business operations is a concern.

$$ On average there is an earthquake every $2$ years.

$$ Last time due to an earthquake, the services were disrupted for almost $2$ months and the organization was unable to recover its complete data as no backup was available.

$$ On average the company losses $$50,000$ after every earthquake.

$$ The company needs data security plans to safe guard its organizational data so it needs your recommendations.

Management has asked you to help them deciding, by reporting on the following:

$1.$ Propose most suitable risk control strategy for each of the cases mentioned above.

$2.$ Calculate the risk and Annual Loss Expectancy.

$3.$ The viability $$justification$$ of the proposed solutions after cost benefit analysis.

$$ Risk Formula

Risk $=($L$*$I$)-(($PRC$)($L$*$I$))+(($U$)($L$*$I$))$

ALE $=$ SLE x ARO

SLE $=$ Asset Value x EF

CBA $=$ ALEprior $-$ ALEpost $-$ ACS