Full Asset Report |
5 |
7,500
456
1 |
2 |
3 |
4 |
5 |
6 |
7 (x 1 ,000 ) |
|
|
|
Dollars |
|
|
|
Figure 8.6
2.2.7 Documentation
Asset |
Replacement Cost Percentage |
|
of Total OI |
$10,000. 100.0% |
|
Figure 7.7
This information about replacement costs is presented below as a barchart.
10,000
OI
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 (x 1 ,000) |
Dollars
Figure 8.7
2.2.8 Hardware
Asset |
Replacement Cost Percentage |
|
of Total HARD |
$25,000. 100.0% |
|
Figure 7.8
This information about replacement costs is presented below as a barchart.
25,000
HARD
25 |
50 |
75 100 125 150 |
175 200 225 250 (x 100) |
|
|
Dollars |
|
Figure 8.8
2.2.9 Office Equipment
Asset |
Replacement Cost |
Percentage |
of Total QWE |
$7,500. 60.0% |
|
QWE |
$5,000. |
40.0% |
Figure 7.9
This information about replacement costs is presented below as a barchart.
Full Asset Report |
6 |
7,500
QW
5,000
E
QW
E
1 |
2 |
3 |
4 |
5 |
6 |
7 (x 1 ,000 ) |
|
|
|
Dollars |
|
|
|
Figure 8.9
The percentage of the total replacement cost for this category that is contributed by each asset is indicated in the following diagram.
QWE (40.0%)
QWE (60.0%)
Figure 9.9 |
|
|
2.2.10 |
Personnel |
|
Asset |
Replacement |
Percentage of |
|
Cost |
Total |
PERS |
$2,000. |
100.0% |
Figure 7.10
This information about replacement costs is presented below as a barchart.
2,000
PERS
25 |
50 |
75 |
100 |
125 |
150 |
175 |
200 (x 10 ) |
Dollars
Figure 8.10
Full Asset Report |
7 |
|
2.2.11 |
System Software |
|
Asset |
Replacement Cost Percentage |
|
of Total HELPMEPLEASE |
$7,500. |
|
|
100.0% |
|
Figure 7.11
This information about replacement costs is presented below as a barchart.
Full Asset Report |
8 |
7,500
LPMEPLEASE
1 |
2 |
3 |
4 |
5 |
6 |
7 (x 1 ,000 ) |
|
|
|
Dollars |
|
|
|
Figure 8.11
2.2.12 Utilities
Asset |
Replacement Cost |
Percentage of Total |
42 |
$0. |
0.0% |
42 |
$0. |
0.0% |
Figure 7.12
Full Threat Report |
1 |
3.2 INCIDENTS INVOLVING EACH THREAT
Each Incident is defined as triple of the form <threat, loss category, asset category>. By doing things this way it is possible to separate the various forms of loss that a given threat may cause to the enterprise as the result of acting on the same asset category.
The sections below look at each threat and indicate the various incidents that were associated with it in the analysis. For each incident, a table is presented (FIGURES 13.1, 13.2, ...) indicating its SLE and ALE (where the ALE is generated by multiplying the SLE for the incident by the AFE of the threat). The overall ALE for a threat is the sum of the ALEs for each of the associated incidents. This is shown as the total of the third column. The percentage of this total represented by the ALE for each incident is indicated in the fourth column.
Also shown for each threat is a barchart that provides a visual presentation of the relative magnitudes of the ALE for each incident. These are shown as FIGURES 14.1, 14.2, ....
Piecharts are then also provided that indicate the percentage of each threat ALE that is accounted for by each incident that is used in its calculation.
3.2.1 Blackmail - AFE: 0.05
The various incident classes associated with this threat are shown in the
following table: Incident Class |
SLE |
ALE % of total ALE |
|
Direct Loss, Personnel |
$20. |
$1. |
0.0% |
Figure 13.1
20
Direct, Personnel
2 |
4 |
6 |
8 |
10 |
12 |
14 |
16 |
18 |
20 |
|
|
|
|
Dollars |
|
|
|
|
|
Figure 16.1 Blackmail - |
SLE'sGY |
|
|
|
|
|
|
|
|
3.2.2 Budget Loss - |
AFE: 0.50 |
|
|
|
|
|
|
|
|
The various incident classes associated with this threat are shown in
the following table: Incident Class SLE |
ALE |
% of total ALE |
Disclosure, Databases |
|
|
$25,000. $12,500. |
|
|
100.0% Figure 13.2 |
|
|
12,500
Disclosure, Databases
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 10 11 12 (x 1,000) |
Dollars
Figure 14.2 Budget Loss - ALE's
Full Threat Report |
2 |
25,000
Disclosure, Databases
25 |
50 |
75 100 125 150 |
175 200 225 250 (x 100) |
|
|
Dollars |
|
Figure 16.2 Budget Loss |
- |
SLE's |
|
Full Threat Report |
3 |
3.2.3 Cold/Frost/Snow - AFE: 5.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total |
|
|
|
ALE |
Disclosure, |
$12,500 |
$62,500 |
100.0% |
Databases |
. |
. |
|
Figure 13.3 |
|
|
|
62,500
Disclosure, Databases
5 10 15 |
20 25 30 35 40 45 50 55 60 (x 1,000) |
|
Dollars |
Figure 14.3 Cold/Frost/Snow - |
ALE's |
12,500
Disclosure, Databases
1 2 |
3 |
4 5 6 7 8 9 10 11 12 (x 1,000) |
|
|
Dollars |
Figure 16.3 Cold/Frost/Snow |
- |
SLE's |
3.2.4 Data Destruction - AFE: 20.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total |
|
|
|
ALE |
Disclosure, |
$250,000. |
$5,000,00 |
98.9% |
Databases |
|
0. |
|
Direct Loss, |
$2,751. |
$55,027 |
1.1% |
Databases |
|
. |
|
Figure 13.4
5,000,000
Disclosure, Databases
5 |
10 |
15 |
20 |
25 |
30 |
35 |
40 |
45 |
50 (x 100 ,000 ) |
Dollars
55,027
Direct, Dat abases
Full Threat Report |
|
4 |
5 10 15 |
20 |
25 30 35 40 45 50 55 (x 1 ,000) |
|
|
Dollars |
Figure 14.4 Data Destruction |
- |
ALE's |
Full Threat Report |
5 |
Direct, Dat abases (1.1%)
Disclosure, Databases (98.9%)
Figure 15.4 Data Destruction - ALE's
250,000
Disclosure, Databases
25 |
50 |
75 100 125 150 175 200 225 250 (x 1,000) |
|
|
Dollars |
2,751
Direct, Dat abases
25 |
50 |
75 |
100 |
125 150 175 200 225 250 275 (x 10 ) |
|
|
|
|
Dollars |
Figure 16.4 Data Destruction |
- |
SLE's |
||
3.2.5 Data Disclosure |
- |
AFE: 3.00 |
||
The various incident classes associated with this threat are shown in
the following table: Incident Class SLE ALE |
% of total ALE |
Disclosure, Databases |
|
$1,938. $5,813. |
|
100.0% Figure 13.5 |
|
5,813
Disclosure, Databases
5 |
10 15 20 25 30 35 |
40 45 50 55 (x 100 ) |
|
Dollars |
|
Figure 14.5 Data Disclosure - ALE's
Full Threat Report |
6 |
1,938
Disclosure, Databases
25 |
50 |
75 |
100 |
125 |
150 |
175 (x 10 ) |
Dollars
Figure 16.5 Data Disclosure - SLE's
3.2.6 Data Integrity Loss - AFE: 3.00
The various incident classes associated with this threat are shown in the following table:
Incident Class |
SLE |
ALE |
% of total |
|
|
|
ALE |
Direct Loss, Accounts |
$5,526. |
$16,576 |
27.8% |
Receivable |
|
. |
|
Direct Loss, Applications |
$5,507. |
$16,523 |
27.7% |
|
|
. |
|
Disclosure, Personnel |
$4,500. |
$13,500 |
22.7% |
|
|
. |
|
Direct Loss, Communications |
$2,723. |
$8,171. |
13.7% |
Software |
|
|
|
Direct Loss, System Software |
$817. |
$2,451. |
4.1% |
Direct Loss, Databases |
$640. |
$1,921. |
3.2% |
Direct Loss, Accounts Payable |
$147. |
$443. |
0.7% |
Disclosure, Databases |
$0. |
$0. |
0.0% |
Figure 13.6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
16,576 |
||
Direct, Accts |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
16,523 |
|||||||||
Rec Direct, |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
Applicatns |
|
|
|
|
|
|
|
|
|
|
|
|
|
13,500 |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8,171 |
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
Disclosure, |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2,451 |
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
Personnel Direct, |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1,921 |
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
Comms S/W |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
Direct, System S/W |
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
Direct, Dat abases |
|
|
|
|
|
|
|
|
|
|
|
|
|||||||
25 |
50 |
75 |
100 |
125 |
150 (x 100) |
||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
Dollars |
|
|
|
|
|
|
|
443
Direct, Accts Pay
5 |
10 |
15 |
20 |
25 |
30 |
35 |
40 (x 10) |
|
|
|
|
Dollars |
|
|
|
Figure 14.6 Data Integrity Loss |
- ALE's |
|
|
|
|||