# (Solved): below demonstrates partial information about these calculations. Threat category SLE Rate of freque ...

below demonstrates partial information about these calculations. Threat category SLE Rate of frequency ARO ALE 1. Internal hardware failure \$5,000 1 per week 52 \$260,000 2. DDoS attack \$75,000 1 per year 1 \$75,000 3. Phishing attack \$500 1 per week 52 \$26,000 4. City-wide power outage \$2,500 1 per quarter 4 \$10,000 5. Employee vandalism \$5,000 1 per 6 months 2 \$10,000 6. Brute-force attack \$500 1 per month 12 \$6000 7. Data manipulation \$5,000 1 per year 1 \$5000 8. Ransomware \$1,500 1 per week 52 \$78,000 9. Eavesdropping \$2,500 1 per quarter 4 \$10,000 10. Tornado \$250,000 1 per 20 years 0.05 \$12,500Using the following formula to perform a cost - benefit analysis ( CBA ) , ?the company is calculating whether investing in this risk control technology ( NGFW ) , ?which costs \$ 6 , 000 ?annually, is cost - effective to mitigate the attack. A positive CBA number indicates a cost - effective investment, and a negative number indicates a poor investment. CBA = ?ALE ( pre - control ) – ?ALE ( post - control ) – ?ACS Where, • ?ALE ( pre - control ) = ?the annualized loss expectancy of the risk before the implementation of the risk control • ?ALE ( post - control ) = ?the ALE examined after the risk control has been in place for a period of time • ?Annual Cost ( ACS ) = ?the annual cost of the risk control Based on the formula, what is the CBA in this scenario? Is it cost - effective for the company to invest in this security technology? Explain your reasoning.

We have an Answer from Expert