NT2580: Unit 6 Quantitative and Qualitative Risk Assessment Analysis


Submitted By brequena

Qualitative Risk Assessment

Single loss expectancy (SLE): Total loss expected from a single incident

Annual rate of occurrence (ARO): Number of times an incident is expected to occur in a year

Annual loss expectancy (ALE): Expected loss for a year

Safeguard value: Cost of a safeguard or control

Scenario: Richman Investments provides high-end smartphones to several employees. The value of each smartphone is $500, and approximately 1,000 employees have these company-owned devices. In the past year, employees have lost or damaged 75 smartphones.

With this information, calculate the following:

SLE = $500.00

ARO = 75

ALE = $37,500.00

Richman is considering buying insurance for each smartphone. Use the ALE to determine the usefulness of this safeguard. For example, Richman could purchase insurance for each device for $25 per year. The safeguard value is $25 X 1,000 devices, or $25,000. It is estimated that if the insurance is purchased, the ARO will decrease to 5. Should the company purchase the insurance?

Determine the effectiveness of the safeguard:

Current ALE = $37,500.00

ARO with control = 5

ALE with control = _____ $35,000.00 Savings with control = (Current ALE - ALE with control)

Safeguard value (cost of control) = $25,000

Realized savings = $17,500.00 (Savings with control - safeguard value)

Should Richman buy the insurance? Explain your answer.

Richman should not purchase the insurance because the projection leaves a negative $17,500.00.

© ITT Educational Services

Qualitative Risk Assessment

Probability: The likelihood that a threat will exploit a vulnerability.…...
