Software technologies and protocols

Q1.

What is the cost of the loss of data availability to the organization? Give two own examples of threats to data availability.

 

Q2.

The goal of a risk tolerance is to weighs the probable cost of compromises against the costs of security measures. We need to compare two different scenarios of security measures and their related risk. Complete the following table and conclude about which security measure is the best.

 

Base caseSecurity measure ASecurity measure B
Asset Value (AV)100,000 SAR100,000 SAR100,000 SAR
Exposure Factor (EF)80%20%80%
Single Loss Expectancy (SLE): = AV*EF
Annualized Rate of Occurrence (ARO)50%50%25%
Annualized Loss Expectancy (ALE):= SLE*ARO
ALE Reduction for security measuresNA
Annualized security measures CostNA17,000 SAR4,000 SAR
Annualized Net security measures ValueNA

Note that the ALE Reduction for security measures = the Annualized Loss Expectancy (ALE) without security measure – the Annualized Loss Expectancy (ALE) with security measure.

 

Q3.

Information owners are responsible for classifying data and systems. Suppose you have a savings account at XYZ Bank that may contain your Account number, user ID, Password, residential ID, balance amount detail and transaction details. The bank staff in the bank use that information to service you with care.

 

Q4.

In a Private sector (commercial), the information system contains the following information:

Employee lists, Laboratory research, Payment card information, Organizational announcement, Product documentation, financial positions, annual reports, financial account numbers.

What type of classification commonly used by the Private sector? Where to fit the above mentioned information under the Private sector classification?

 

Who is the owner of above specified bank account information? Specify the different process of information owner begins with classification of information and ends with declassification.

 

Last Updated on February 10, 2019