Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years.
Each breach has cost the company $3,000. A third-party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years.
Which of the following should Sara do to address the risk?

A. Accept the risk saving $10,000.
B. Ignore the risk saving $5,000.
C. Mitigate the risk saving $10,000.
D. Transfer the risk saving $5,000.

Correct answer: D. Transfer the risk saving $5,000.
Why is the answer D. Transfer the risk saving $5,000?
Annual Loss Expectancy = Annual Rate of Occurrence * Single Loss Expectancy
Single Loss Expectancy = Exposure Factor * Asset Value
4 security breaches during the past two years ~ 2 breaches per year
Single loss Expectancy = $3000 per breach >> $6000 per year
For next 5 years = 5 years * $6000 per year = $30,000
$30000 – $25000 = $5000; are you transferring the risk or ignoring the risk?
Answer D is correct and logical. Think of it, “…Risk Transfer…”, in terms of business sense.
Thank you for your detailed answer.
In risk management jargon, transference should equal insurance. Therefore, this example is talking about mitigation saving $5K, but I guess transfer is closer because if the hole is repaired, it wasn’t ignored.
Transfer risk to whom?
This risk is still on the company.
I think B is closer, but it is not that close either.
The real answer would be accept the risk, saving $5,000, but that is not a choice. There is no one to “transfer” the risk to here. So the correct answer has to be B. Ignore the risk and save the $5,000 (ignoring a risk is basically the same as accepting a risk).