Your company sells Apple iPods online and has suffered man y denial-of-service (DoS ) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigati on service is available for a subscription fee of $10,000/ month. You have tested this service, and believe it will mitigate the attacks. What is the annualized loss expectancy (ALE) of lost iPod sales due to the DoS attacks?
A.
$20,000
B.
$8000
C.
$84,000
D.
$56,000
Explanation:
D: Answer D is correct; Annualized Loss Expect ancy (ALE) is calculated by first calculating the Single Loss Expectancy (SLE), which is the Asset Value (AV, $20,000) times the Exposure Fact or (EF,40%) . The SLE is $8000; multiply by the Annual rate of Occurrence (ARO, 7) for an ALE of $56,000.
Answers A , B , and C are incorrect. $20,000 is the Asset Value. $8000 is the Single Loss Expectancy.
Most ALE questions involve an “asset value” like a server worth $150,000. What is the asset value here? We have $20,000 profit per week – shouldn’t this be annualized (20,000 * 52) since the ARO is annualized?
1
0
I was thinking the same thing. Would anyone like to elaborate, or is this just a bad question?
0
0