What would be the Annualized Rate of Occurrence (ARO) of the threat “user input error”, in the case where a
company employs 100 data entry clerks and every one of them makes one input error each month?
A.
100
B.
120
C.
1
D.
1200
Explanation:
The annualized rate of occurrence (ARO) is the value that represents the estimated frequency of a specific
threat taking place within a 12-month timeframe.
In this question, the ARO of the threat “user input error” is the number of “user input errors” in a year.
We have 100 employees each making one user input error each month. That’s 100 errors per month. In a year,
that is 1200 errors (100 errors per month x 12 months).
Therefore, the annualized rate of occurrence (ARO) is 1200.
Incorrect Answers:
A: The annualized rate of occurrence (ARO) is not 100.
B: The annualized rate of occurrence (ARO) is not 120.
C: The annualized rate of occurrence (ARO) is not 1.Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87