- Table of contents
- Executive Summary
- Recommendations
- Operational Environment and System Configuration
- The Risk Assessment Team
- Organization Details of SpecOrg
- Physical Plant and Physical Security
- System Configuration
- Terms and Definitions
- Risk Analysis Methodology
- RiskWatch Parameters and Data Analysis
- Executive Summary Scope
- Risk Analysis Steps
- Key Risk Analysis Report Findings
- Summary of asset categories
- Assets within category
- Direct, Personnel
- Dollars
- Safeguard: Physical Access Control
- Safeguard: Classification Markings
- Safeguard: Data Encryption
- Safeguard: Life Cycle Management
- Safeguard: Personnel Clearances
- Safeguard: Quality Assurance
- Safeguard: Security Policy
- Recommendations
- Physical Access Control
- Application Controls
- Classification Markings
- Contract Specifications
- Data Encryption
- Detection System
- Life Cycle Management
- Passwords/Authentication
- Personnel Clearances
- Personnel Control
- Quality Assurance
- Risk Analysis
- Security Policy
- Return on Investment (ROI). Calculated in order of the 10 highest ROIs.
- 5.1 Summary of safeguards
- Initial costs
- Access Control (26.0%)
- Evaluation (6.0%)
- Policy (26.0%)
- Reliability (16.0%)
Safeguard: Quality Assurance

| Threat | Original ALE | ALE with Safeguard | Percentage Drop |
| --- | --- | --- | --- |
| Data Integrity Loss | $59,584 | $53,627 | 10.00% |

Safeguard: Risk Analysis

| Threat | Original ALE | ALE with Safeguard | Percentage Drop |
| --- | --- | --- | --- |
| Data Destruction | $5,055,028 | $5,049,525 | 0.11% |
| Data Disclosure | $5,813 | $5,232 | 9.99% |
| Data Integrity Loss | $59,584 | $54,977 | 7.73% |

Safeguard: Security Policy

| Threat | Original ALE | ALE with Safeguard | Percentage Drop |
| --- | --- | --- | --- |
| Data Destruction | $5,055,028 | $4,796,256 | 5.12% |
| Data Disclosure | $5,813 | $4,703 | 19.10% |
| Data Integrity Loss | $59,584 | $52,058 | 12.63% |

The following is a table indicating, for each safeguard, the ALE before (Original ALE) and after the safeguard is implemented (ALE with Safeguard). This table also indicates the difference between the two ALE values.
Also shown is a bar chart that provides a visual presentation of the difference in ALE for each safeguard.

| Safeguard | Original ALE | ALE with Safeguard | Difference |
| --- | --- | --- | --- |
| Physical Access Control | $31,445,536 | $31,409,712 | $35,824 |
| Application Controls | $31,445,536 | $30,940,033 | $505,503 |
| Classification Markings | $31,445,536 | $31,443,182 | $2,354 |
| Contract Specifications | $31,445,536 | $31,445,536 | $0 |
| Data Encryption | $31,445,536 | $28,900,174 | $2,545,362 |
| Detection System | $31,445,536 | $31,431,094 | $14,442 |
| Life Cycle Management | $31,445,536 | $31,445,189 | $347 |
| Passwords/Authentication | $31,445,536 | $31,445,463 | $73 |
| Personnel Clearances | $31,445,536 | $31,436,806 | $8,730 |
| Personnel Control | $31,445,536 | $31,445,451 | $85 |
| Quality Assurance | $31,445,536 | $31,439,578 | $5,958 |
| Risk Analysis | $31,445,536 | $31,434,844 | $10,692 |
| Security Policy | $31,445,536 | $31,178,127 | $267,409 |

[Figure: bar charts of the difference in ALE for each safeguard, axis in Dollars, in three panels. Panel 1 (x 10,000): Data Encryption, Application Controls, Security Policy. Panel 2 (x 100): Physical Access Control, Detection System, Risk Analysis, Personnel Clearances, Quality Assurance, Classification Markings. Panel 3: Life Cycle Management, Personnel Control, Passwords/Authentication.]

Instructions for preparing Final Reports.
In Phase 4, there are many different reports that can be generated. To facilitate the assembly of these smaller specialized reports into a single "Final Report" for submission to management, provision is made to attach the name of each selected report file (each is a .WRI file) to a list that is made available to the analyst at the end of the reporting phase, Phase 4.
A couple of points must be kept in mind when the final report is assembled. It is assumed that a word processor will be used to prepare the Final Report, and the following tasks and ideas are within the purview of most word processors:
- On the parameter screen in Phase 1, you indicated that the sensitivity level of the system being analyzed is 1. Because reports that deal with a system must bear markings that indicate that the report is of a similar level of sensitivity, you are warned that the word processor used in the assembly process must also be used to indicate, as both Headers and Footers, this level of sensitivity on EVERY page;
- There is no provision in the RiskWatch system for the title page or pages that come before paragraphs, sections, or diagrams. The analyst wishing these must provide them himself using the facilities of the word processor employed;
- The ordering of sections is left to the discretion of the analyst - some people prefer to have the Executive Summary as the very first section, even preceding the Table of Contents, while others may wish to have their Table of Contents immediately following the Cover page;
- Because of the strong possibility that different enterprises will opt to assemble different pieces (sub-reports) into their respective Final Reports, the Table of Contents for the Final Report is left to the analyst, using the power of a modern word processor.
In the text provided by RiskWatch as part of the reports that embody the results of the analysis and the initial data, there are several sections that are enclosed in triple square brackets (that is, [[[ and ]]] ). All text that is between these brackets is given SOLELY as a guide to suggested text to surround the numbers that form the basis of the reports. The text serves no other purpose. Please replace this text with other text that is more appropriate to your enterprise.
