Synthesize financial and business risk in order to develop long and short term strategic plans.

timer Asked: Feb 9th, 2019
account_balance_wallet $30

Question Description


Information assets are constantly being attacked, and information security has become a high priority for organizations. The big question that many organizations are asking is how much security do they need? In short, organizations are struggling with finding the right amount of financial resources to invest in cybersecurity. What is the right investment for cybersecurity? Is more necessarily better when it involves protecting digital assets? Overinvesting in cybersecurity will reduce revenue and create unhappy shareholders, and underinvesting can have negative effects on the organization. In this assignment, you will evaluate risk and use financial tools to invest in security solutions. You will use several financial formulas.

Assignment Instructions

For this Assignment, you will work through four mini-scenarios that consist of financial investing and risk identification.

Scenario 1: Return on Investment (ROI)

ROI is used to decide where to invest financial assets. The finance group of a company may use ROI to decide whether to fund project A or project B. The formula for calculating ROI is given below.

ArmCPU company manufactures memory chips. The company wants to expand production to a faster memory chip which will cost $2M. This new chip is expected to bring $6M over the next three years. What is the ROI? Use approximately 100 words to explain your answer.

Scenario 2: Return on Security Investment (ROSI)

Security investment is a little more complex. There are no tangible gains in investment directed at information security. The return is measured on risk avoidance. The formula for calculating ROSI is given below.

ArmCPU has been attacked by the BAD-VIRUS before. The damage as a result of the BAD-VIRUS in 2017 was $52,000 for all occurrences and all users. The implementation of an anti-virus solution was $25,000 for all of its users. The anti-virus solution worked 75% of the time on BAD-VIRUS.

Identify the following from the data given:

What is the Risk Exposure?

What is the percentage of risk mitigated?

How much did the solution Cost?

Compute ROSI?

Do think that anti-virus solution is worth the investment? Use approximately 150 words to explain your answer.

Scenario 3: Quantifying Risk Exposure

Before we look at an equation to calculate Risk Exposure (RE) on an annual basis (ALE), let me point out that the equation for Risk Exposure uses two variables - Single Lost Exposure (SLE) and Annual Rate of Occurrence (ARO). ALE is the product of these two variables. The equation for ALE is given below.

Suppose the ARO is 0.5 (once in two years) and the SLE is $10,000. Compute the ALE. Use approximately 50 words to explain what this value means.

Scenario 4: Complex Problem Using ALE

Definition of vulnerability, threat and risk of problem #4

  1. Vulnerability – No backup
  2. Threat – A Laptop failure
  3. Risk – Data Loss

What is the asset in this problem?

Suppose the asset is worth $50,000. The Single Lost Expectancy (SLE) is computed by multiplying the Actual Value by the Exposure Factor

In our case, the SLE = Actual Value (AV) X Exposure Factor (EF). The Exposure Factor is the loss that can occur as a result of the threat. For problem #4, we are going to assume that the SLE is $10,000.

What is EF?

We are going to keep the ARO (the frequency of the threat every year) as .5 assuming that the laptop crashes once every two years.

Compute the ALE. Remember

Generally, the equation below is used to decide whether to implement a particular mitigation strategy

Mitigation Investment (M1) = ALE1 (before the Mitigation Investment) – ALE2 (after the Mitigation Investment) – Total Cost of implementing the mitigation strategy (TC).

Suppose the cost of completing and maintaining a backup for a laptop is $400 and the ALE2 is $1000. What should be the allowable investment for this security risk? Use approximately 200 words to explain your answer.

Assignment Requirements

In a Word® document, supply all of your answers for the scenarios given. Be sure to answer all questions. Cite all sources in APA style where applicable.

For more information on APA style formatting, go to APA Style Central under Academic Resources of this course or visit the Writing Center.

Also review the university policy on plagiarism. If you have any questions, please contact your professor.

Unformatted Attachment Preview

IT592 Unit 3 Assignment Grading Rubric = 100 points Assignment Requirements Points Possible Scenario 1: Calculated ROI and used approximately 100 words explaining your answer. 0-10 Scenario 2: Risk exposure, percentage of risk mitigated, cost of solution and ROSI present. 0-15 Explained whether you think that anti-virus solution is worth the investment in approximately 150 words. 0-15 Scenario 3: Annual Loss Expectancy (ALE) was computed and approximately 50 words were used to explain what the ALE value means. 0-15 Scenario 4: The asset in the problem scenario was identified. 0-10 Exposure Factor (EF) and ALE was present. 0-15 The allowable investment for this security risk was explained in at least 200 words. 0-20 Total (Sum of all points) Less deduction taken for spelling, grammar, and APA errors. Plagiarism is totally unacceptable. New total after deductions Points Earned ...
Purchase answer to see full attachment

Tutor Answer

School: UCLA

Find attached. Th


Synthesize financial and business risk
Institution Affiliation

Scenario 1:
ROI which is the return on investment is calculated by dividing the net return benefit by the sum
invested. The net return benefit is attained by subtracting the total cost of expansion from return
benefit. ROI = (6-2)/2*100= 200, therefore the 2 million investment will attract a 200%. The
project should be undertaken because the ROI is high. The higher the return on investment the
better for the company as it is an indicator of high returns. ArmCPU company move to expand
production to a faster memory will yield good returns and therefore a viable option to be

Scenario 2:

What is the Risk Exposure?

The risk exposure in the scenario is the damage cost of $52,000 that ArmCPU Company
is exposed to as a result of BAD-VIRUS.


flag Report DMCA

Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didnt specify. Got a B+ which is believable and acceptable.

Similar Questions
Hot Questions
Related Tags
Study Guides

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors