Full Asset Report
QWE (40.0%)
QWE (60.0%)
Figure 9.9
2.2.10Personnel
Asset |
Replacement Cost |
Percentage of Total |
PERS |
$2,000. |
100.0% |
Figure 7.10
This information about replacement costs is presented below as a barchart.
2,000 PERS 
25 |
50 |
75 |
100 |
125 |
150 |
175 |
200 (x 10) |
Dollars
Figure 8.10
2.2.11System Software
Asset |
Replacement Cost |
Percentage of Total |
HELPMEPLEASE |
$7,500. |
100.0% |
Figure 7.11 |
|
|
This information about replacement costs is presented below as a barchart.
5
7,500 ELPMEPLEASE 
1 |
2 |
3 |
4 |
5 |
6 |
7 (x 1,000) |
Dollars
Full Asset Report
Figure 8.11
2.2.12Utilities
Asset |
Replacement Cost |
Percentage of Total |
42 |
$0. |
0.0% |
42 |
$0. |
0.0% |
Figure 7.12
Full Threat Report |
1 |
3.2 INCIDENTS INVOLVING EACH THREAT
Each Incident is defined as triple of the form <threat, loss category, asset category>. By doing things this way it is possible to separate the various forms of loss that a given threat may cause to the enterprise as the result of acting on the same asset category.
The sections below look at each threat and indicate the various incidents that were associated with it in the analysis. For each incident, a table is presented (FIGURES 13.1, 13.2, ...) indicating its SLE and ALE (where the ALE is generated by multiplying the SLE for the incident by the AFE of the threat). The overall ALE for a threat is the sum of the ALEs for each of the associated incidents. This is shown as the total of the third column. The percentage of this total represented by the ALE for each incident is indicated in the fourth column.
Also shown for each threat is a barchart that provides a visual presentation of the relative magnitudes of the ALE for each incident. These are shown as FIGURES 14.1, 14.2, ....
Piecharts are then also provided that indicate the percentage of each threat ALE that is accounted for by each incident that is used in its calculation.
3.2.1Blackmail - AFE: 0.05
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Personnel |
$20. |
$1. |
0.0% |
Figure 13.1 |
|
|
|
20 Direct, Personnel 
2 |
4 |
6 |
8 |
10 |
12 |
14 |
16 |
18 |
20 |
Dollars
Figure
16.1Blackmail - SLE's
3.2.2Budget Loss - AFE: 0.50
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Disclosure, Databases |
$25,000. |
$12,500. |
100.0% |
Figure 13.2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12,500 |
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Disclosure, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 11 |
12 (x 1,000) |
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 14.2 |
Budget Loss - ALE's |
||||||||
Full Threat Report |
|
|
2 |
|||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
25,000 |
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Disclosure, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
25 |
50 |
75 100 125 150 175 200 225 250 (x 100) |
||||||||||||||||||
Dollars
Figure 16.2 Budget Loss - SLE's
3.2.3Cold/Frost/Snow - AFE: 5.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Disclosure, Databases |
$12,500. |
$62,500. |
100.0% |
Figure 13.3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
62,500 |
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Disclosure, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
5 |
10 15 20 25 30 35 40 45 50 |
55 60 (x 1,000) |
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 14.3 |
Cold/Frost/Snow - ALE's |
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12,500 |
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Disclosure, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 12 (x 1,000) |
||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 16.3 |
Cold/Frost/Snow - SLE's |
||||||||||
3.2.4Data Destruction - AFE: 20.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Disclosure, Databases |
$250,000. |
$5,000,000. |
98.9% |
Direct Loss, Databases |
$2,751. |
$55,027. |
1.1% |
Figure 13.4
5,000,000 Disclosure, Databases 
5 |
10 |
15 |
20 |
25 |
30 |
35 |
40 |
45 |
50 (x 100,000) |
Dollars
Full Threat Report |
3 |
|||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
55,027 |
|
|
|
|
|
|
|
|
|
|
|
||||||||||||
|
|
|
|
|
|
|
|
|
||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Direct, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
5 |
10 15 20 25 30 35 40 45 50 55 (x 1,000) |
|||||||||||||||||||
Dollars
Figure 14.4 Data Destruction - ALE's
Direct, Databases
(1.1%)
Disclosure, Databases (98.9%)
Figure 15.4 Data Destruction - ALE's
250,000 Disclosure, Databases 
25 |
50 |
75 |
100 |
125 |
150 |
175 |
200 |
225 |
250 (x 1,000) |
Dollars
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2,751 |
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Direct, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
25 |
50 |
75 |
100 125 150 175 200 |
225 250 275 (x 10) |
|||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 16.4 |
Data Destruction - SLE's |
||||||||
3.2.5Data Disclosure - AFE: 3.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Disclosure, Databases |
$1,938. |
$5,813. |
100.0% |
Figure 13.5 |
|
|
|
Full Threat Report |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4 |
||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5,813 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
Disclosure, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||
5 |
|
|
10 |
15 |
20 |
25 |
30 |
35 |
40 |
45 |
50 |
|
55 (x 100) |
||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|
|
|
||
Figure 14.5 Data Disclosure - |
|
|
ALE's |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1,938 |
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
Disclosure, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||||
25 |
|
|
50 |
|
|
75 |
|
100 |
|
|
125 |
|
150 |
|
|
175 (x 10) |
|||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 16.5 |
Data Disclosure - SLE's |
|||||||||||||
3.2.6Data Integrity Loss - AFE: 3.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
|
SLE |
ALE |
% of total ALE |
|
Direct Loss, Accounts Receivable |
|
$5,526. |
$16,576. |
27.8% |
|
Direct Loss, Applications |
|
$5,507. |
$16,523. |
27.7% |
|
Disclosure, Personnel |
|
$4,500. |
$13,500. |
22.7% |
|
Direct Loss, Communications Software |
$2,723. |
$8,171. |
13.7% |
|
|
Direct Loss, System Software |
|
$817. |
$2,451. |
4.1% |
|
Direct Loss, Databases |
|
$640. |
$1,921. |
3.2% |
|
Direct Loss, Accounts Payable |
|
$147. |
$443. |
0.7% |
Disclosure, |
Databases |
$0. |
$0. |
0.0% |
|
|
Figure 13.6
Direct, Accts Rec
Direct, Applicatns
Disclosure, Personnel
Direct, Comms S/W
Direct, System S/W
Direct, Databases
|
|
|
|
|
16,576 |
|
|
|
|
|
16,523 |
|
|
|
|
|
13,500 |
|
|
|
|
|
8,171 |
|
|
|
|
|
2,451 |
|
|
|
|
|
1,921 |
25 |
50 |
75 |
100 |
125 |
150 (x 100) |
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
443 |
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Direct, Accts Pay |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
5 |
10 |
15 |
20 |
25 |
30 |
35 |
40 (x 10) |
||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 14.6 |
Data Integrity Loss - ALE's |
|||||||||
Full Threat Report |
5 |
Direct, Accts Rec |
Direct, Comms S/W (13.7%) |
(27.8%) |
|
Disclosure, Personnel (22.7%)
Direct, Applicatns
(27.7%) 4 Others (8.1%)
Figure 15.6 Data Integrity Loss |
- |
ALE's |
|
|
|
|
|
|
|
|
|
|
|||
|
Direct, Accts Rec |
|
|
|
|
|
|
|
|
|
|
|
|
|
5,526 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Direct, Applicatns |
|
|
|
|
|
|
|
|
|
|
|
|
|
5,507 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Disclosure, Personnel |
|
|
|
|
|
|
|
|
|
|
|
|
|
4,500 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Direct, Comms S/W |
|
|
|
|
|
|
|
|
|
|
|
|
|
2,723 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Direct, System S/W |
|
|
|
|
|
|
|
|
|
|
|
|
|
817 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Direct, Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
640 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Direct, Accts Pay |
|
|
|
|
|
|
|
|
|
|
|
|
|
147 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
|
10 |
15 |
20 |
25 |
30 |
35 |
40 |
45 |
50 |
55 (x 100) |
||
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 16.6 |
Data Integrity Loss |
- |
SLE's |
|||||
3.2.7 |
Flooding/Water Damage |
- |
AFE: 0.01 |
|
|
|
|
|
|
|
|
|
|
||
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Communications Hardware |
$10,001. |
$100. |
93.5% |
Direct Loss, Office Equipment |
$625. |
$6. |
5.8% |
Disclosure, Databases |
$250. |
$3. |
2.3% |
Figure 13.7
100 Direct, Comms H/W 
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 (x 10) |
|
|
|
|
Dollars |
|
|
|
|
|
Full Threat Report |
6 |
6
Direct, Off Equip
3
Disclosure, Databases
|
1 |
|
2 |
3 |
4 |
|
|
|
|
Dollars |
|
Figure 14.7 |
Flooding/Water Damage |
- |
ALE's |
|
|
5 |
6 |
Disclosure, Databases
(2.8%)
Direct, Off Equip
(5.5%)
Direct, Comms H/W (91.7%)
Figure 15.7 Flooding/Water Damage - ALE's
10,001 Direct, Comms H/W 
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 (x 1,000) |
Dollars
625
Direct, Off Equip
250
Disclosure, Databases
5 10 15 20 25 30 35 40 45 50 55 60 (x10)
Dollars
Figure 16.7 Flooding/Water Damage - SLE's
3.2.8Hardware Failure - AFE: 70.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total ALE |
Direct Loss, Hardware |
$375,000. |
$26,250,000. |
100.0% |
Full Threat Report |
|
|
|
|
|
|
|
|
|
|
7 |
|||||||||||
Disclosure, Databases |
$0. |
|
$0. |
0.0% |
|
|
|
|
|
|
||||||||||||
Figure 13.8 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
26,250,000 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Direct, Hardware |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
25 |
50 75 100 |
125 150 |
175 200 |
225 250 (x 100,000) |
||||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 14.8 |
Hardware Failure - ALE's |
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
375,000 |
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Direct, Hardware |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
5 |
10 |
15 |
20 |
25 |
30 |
35 (x 10,000) |
|||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 16.8 |
|
Hardware Failure - SLE's |
||||||
3.2.9Pirating Key Personnel - AFE: 1.00
The various incident classes associated with this threat are shown in the following table:
There are no incidents associated with this threat.