Assume that a year has passed and XYZ has improved security by
applying several controls. Using the information from the question
above, and the following table, calculate the Post-Control ARO and
ALE for each threat category listed.
Determine whether the proposed control is worth the costs.
Solution:-
You need to assume that the values in the Cost of Control column presented in the table forExercise 5 are those unique costs directly associated with protecting against that threat. Inother words, don’t worry about overlapping costs between controls. Calculate the CBA forthe planned risk control for each threat category.
For each threat category, determine if the proposed control is worth the costs – list the threatswhose control is worth the cost below the table.
I added a column in my chart that said if the proposed control was worth the cost or not
Get Answers For Free
Most questions answered within 1 hours.