Question
This exercise uses spreadsheet software to calculate anticipated annual losses from various security threats identified for a small company. Mercer Paints is a paint manufacturing
This exercise uses spreadsheet software to calculate anticipated annual losses from various security threats identified for a small company. Mercer Paints is a paint manufacturing company located in Alabama that uses a network to link its business operations. A security risk assessment requested by management identified a number of potential exposures. These exposures, their associated probabilities, and average losses are summarized in Table 1 below.
In addition to the potential exposures listed, identify at least three other potential threats to Mercer Paints, assign estimated probabilities and a loss range based on your experience or research.
Use spreadsheet software and the risk assessment data to calculate the expected annual loss for each exposure.
Prepare a written memo to me that summarizes your findings and recommendations. Make sure that you present your analysis in the form of a chart that is included in the memo. Which control points have the greatest vulnerability? What recommendations would you make to Mercer Paints? Setting security policies and procedures really means developing a plan for how to deal with computer security. One way to approach this task is:
Look at what you are trying to protect.
Look at what you need to protect it from.
Determine how likely the threats are.
Implement measures that will protect your assets in a cost-effective manner.
Review the process continuously, and improve things every time a weakness is found.
Your memo should focus most on the last two steps, but the first three are critically important to making effective decisions about security. One old truism in security is that the cost of protecting yourself against a threat should be less than the cost of recovering if the threat were to strike you. Without reasonable knowledge of what you are protecting and what the likely threats are, following this rule could be difficult.
Table 1 - Mercer Paints Risk Assessment
| Exposure | Probability of Occurrence (%) | Average Loss ($) |
| Malware attack | 60% | $75,000 |
| Data loss | 12% | $70,000 |
| Embezzlement | 3% | $30,000 |
| User errors | 85% | $25,000 |
| Threats from hackers | 95% | $90,000 |
| Improper use by employees | 35% | $5,000 |
| Power failure | 15% | $300,000 |
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Fundamentals Of Database Systems
Authors: Ramez Elmasri, Shamkant B. Navathe
7th Edition Global Edition
1292097612, 978-1292097619
