Directions

Create a numbered list of risks that could be detrimental to your organization and conduct the following analysis by addressing the written prompts and completing the matrix.

Risk Assessment Matrix Evaluation

Briefly explain the following:

Identify several risks that are relevant to the industry and business represented in the "Business Continuity Plan (BCP)."
- Calculate the annualized rate of occurrence (ARO).
- Calculate single loss expectancy (SLE) for the risk.
- Calculate the annualized loss expectancy (ALE) of the risk.
- Identify the severity and probability of the risk occurrence.

Create your list of risks.

1. Insider Threat:
   a. Calculate the annualized rate of occurrence (ARO).
   b. Calculate single loss expectancy (SLE) for the risk.
   c. Calculate the annualized loss expectancy (ALE) of the risk.
   d. Identify the severity and probability of the risk occurrence.

2. System Misconfiguration
   a. Calculate the annualized rate of occurrence (ARO).
   b. Calculate single loss expectancy (SLE) for the risk.
   c. Calculate the annualized loss expectancy (ALE) of the risk.
   d. Identify the severity and probability of the risk occurrence.

3. Malware
   a. Calculate the annualized rate of occurrence (ARO).
   b. Calculate single loss expectancy (SLE) for the risk.
   c. Calculate the annualized loss expectancy (ALE) of the risk.
   d. Identify the severity and probability of the risk occurrence.
4.
   a. Calculate the annualized rate of occurrence (ARO).
   b. Calculate single loss expectancy (SLE) for the risk.
   c. Calculate the annualized loss expectancy (ALE) of the risk.
   d. Identify the severity and probability of the risk occurrence.

Risk Assessment Matrix

Place the corresponding number of each risk event in your list in the appropriate cell on your matrix, based on the severity and probability at which you arrived through your analysis.

Risk Calculation

Risk Calculation Methodology

The better an organization can accurately calculate the probability and impact of events, the better prepared it is to address the risk. There are two approaches to risk calculation. The qualitative risk calculation approach utilizes an educated guess based on observation and experience, and is considered arbitrary and less reliable because it is based on a guess.
A second approach, quantitative risk calculation, is considered more scientific and accurate because it uses hard numbers based on historical data to arrive at its conclusions. Quantitative risk calculations are divided into two factors: the probability of a risk happening and the severity of the event when it happens. To arrive at these determinations, we must calculate the following.

Risk Likelihood

Generally, one can predict the likelihood of an event based on historical data. For example, we can determine the mean time between failures (MTBF) for a disk device based on the number of devices in use and the rate at which they fail. Similarly, we can estimate the likelihood of a flood based on the historical flood data for a specified period. For instance, a builder might design stormwater drainage based on the worst recorded storm in the last 50 years, or we might consider that historically, pandemics happen once every 100 years, and so on.

Annualized Rate of Occurrence (ARO)

To create your risk matrix, it will be necessary to use historical data to determine the likelihood of a risk happening within a single year. This is called the annualized rate of occurrence (ARO). The ARO is a multiplier and can be calculated as follows:

ARO = One Year / Years per Occurrence

For instance, if an event historically happens once a year, the ARO is 1.0; twice a year, the ARO is 2.0; every other year, 0.5; and every 25 years, 0.04. So, for the 50-year storm, the ARO would be:

ARO = 1 / 50 = 0.02

Risk Impact

Determining the risk impact can be accomplished by comparing the risk to the monetary loss associated with an event, to determine the cost that represents how much money would be lost should the event happen. Two risk impact formulas are commonly used to calculate expected losses.

The Single Loss Expectancy (SLE)

The single loss expectancy (SLE) is the expected monetary loss every time an event happens.
The SLE is computed by multiplying the Asset Value (AV) by the Exposure Factor (EF), which is the portion of the AV that is likely to be lost when the event occurs. The EF is expressed as a percentage. The SLE is calculated as follows:

SLE = AV × EF

For example, consider a building with an AV of $10,000,000, 75 percent (EF) of which is likely to be lost in a flood from a 50-year storm. Therefore, the SLE would be calculated as follows:

SLE = $10,000,000 × 0.75 = $7,500,000
Annualized Loss Expectancy (ALE)

The annualized loss expectancy (ALE) is the expected monetary loss for an asset due to a risk over one year. It is calculated by multiplying the SLE by the ARO:

ALE = SLE × ARO

So, to calculate the ALE for our building in the event of a flood from a 50-year storm, we would calculate the ALE as follows:

ALE = $7,500,000 × 0.02 = $150,000
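The three formulas above carried through in code, as an added example that is not part of the worksheet: it reproduces the 50-year storm figures, applies the same ARO, SLE and ALE calculations to the worksheet's numbered risks using constructed sample values, and places each risk number in a probability/severity cell of the matrix. The probability bands (on ARO) and the dollar thresholds for severity (on SLE) are assumptions that an analyst would replace with their own.

```python
"""Quantitative risk calculation (ARO, SLE, ALE) for the worksheet's risk list.
Added example, not from the worksheet: the storm figures are the worksheet's,
the three organisation risks use constructed values, band thresholds are assumed."""
from dataclasses import dataclass

@dataclass
class Risk:
    number: int                  # position in the worksheet's numbered list
    name: str
    asset_value: float           # AV, in dollars
    exposure_factor: float       # EF, fraction of AV lost per occurrence
    years_per_occurrence: float  # historical interval between events, in years

def aro(years_per_occurrence: float) -> float:
    """ARO = 1 / years per occurrence (a 50-year storm gives 0.02)."""
    return round(1.0 / years_per_occurrence, 4)

def sle(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF, the monetary loss from one occurrence."""
    return round(asset_value * exposure_factor, 2)

def ale(risk: Risk) -> float:
    """ALE = SLE x ARO, the expected loss from this risk per year."""
    return round(sle(risk.asset_value, risk.exposure_factor) * aro(risk.years_per_occurrence), 2)

def band(value: float, high: float, medium: float) -> str:
    """Assumed three-level banding: >= high is 'high', >= medium is 'medium'."""
    return "high" if value >= high else "medium" if value >= medium else "low"

def matrix_cells(risks, high_loss: float, medium_loss: float) -> dict:
    """Map each (probability, severity) cell to the risk numbers placed in it.
    Probability bands are on ARO (assumed: 1/yr high, 0.1/yr medium); severity
    bands are on SLE with dollar thresholds chosen by the analyst."""
    cells: dict = {}
    for r in risks:
        key = (band(aro(r.years_per_occurrence), 1.0, 0.1),
               band(sle(r.asset_value, r.exposure_factor), high_loss, medium_loss))
        cells.setdefault(key, []).append(r.number)
    return cells

STORM = Risk(0, "50-year storm flood", 10_000_000, 0.75, 50)      # worksheet example
RISKS = [Risk(1, "Insider threat", 2_000_000, 0.40, 2),            # constructed values
         Risk(2, "System misconfiguration", 500_000, 0.20, 0.5),
         Risk(3, "Malware", 1_000_000, 0.30, 1)]

if __name__ == "__main__":
    for r in sorted(RISKS + [STORM], key=ale, reverse=True):
        print(f"{r.number}. {r.name}: ARO={aro(r.years_per_occurrence)}, "
              f"SLE=${sle(r.asset_value, r.exposure_factor):,.0f}, ALE=${ale(r):,.0f}")
    print(matrix_cells(RISKS, high_loss=1_000_000, medium_loss=250_000))
```

Sorting by ALE shows that a frequent, moderate-loss event (misconfiguration twice a year) can out-rank a rare, catastrophic one in expected annual loss, which is the point of separating probability from severity on the matrix.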