Question 6 (14 Marks) An information asset of a company is currently valued at $100,000. Using the quantitative risk assessment approach, the company is assessing the risk due to a type of attack that happens three (3) times every four (4) weeks on average. Each attack to the information asset causes a damage with an exposure factor EF =0.5. Calculate the current single loss expectancy (SLE), annualised rate of occurrence (ARO), and annualised loss expectancy (ALE) values. You may assume that there are 52 weeks in a year. . The company is considering two possible controls described below to address this risk. Using the cost-benefit analysis (CBA) approach, derive the SLE, ARO, ALE, ACS (annualised cost of safeguard), and CBA values for each case and state clearly which control should be selected to address the risk - Control A costs $200,000 per annum and reduces the frequency of attacks to once per fortnight. - Control B costs $700,000 per annum and reduces the exposure factor to 0.2. Question 6 (14 Marks) An information asset of a company is currently valued at $100,000. Using the quantitative risk assessment approach, the company is assessing the risk due to a type of attack that happens three (3) times every four (4) weeks on average. Each attack to the information asset causes a damage with an exposure factor EF =0.5. Calculate the current single loss expectancy (SLE), annualised rate of occurrence (ARO), and annualised loss expectancy (ALE) values. You may assume that there are 52 weeks in a year. . The company is considering two possible controls described below to address this risk. Using the cost-benefit analysis (CBA) approach, derive the SLE, ARO, ALE, ACS (annualised cost of safeguard), and CBA values for each case and state clearly which control should be selected to address the risk - Control A costs $200,000 per annum and reduces the frequency of attacks to once per fortnight. - Control B costs $700,000 per annum and reduces the exposure factor to 0.2