Countermeasures for Protecting a $1,000,000 Asset: Budget Calculation

What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%?


Answers

Explanations

A. B. C. D.

C.

The cost of a countermeasure should not exceed the risk it mitigates (ALE).

For a quantitative risk assessment, the equation is ALE = ARO x SLE, where the SLE is calculated as the product of asset value x exposure factor. An event that happens once every five years would have an ARO of .2 (1 divided by 5).

SLE = Asset Value (AV) x Exposure Factor (EF)

SLE = 1,000,000 x .30 = 300,000

ALE = SLE x Annualized Rate of Occurrence (ARO)

ALE = 300,000 x .2 = 60,000

Know your acronyms:

  • ALE -- Annual loss expectancy
  • ARO -- Annual rate of occurrence
  • SLE -- Single loss expectancy

The following are incorrect answers:

$300,000 is incorrect.

See the explanation of the correct answer for the correct calculation.

$150,000 is incorrect.

See the explanation of the correct answer for the correct calculation.

$1,500 is incorrect.

See the explanation of the correct answer for the correct calculation.

Reference(s) used for this question: McGraw Hill, Shon Harris, CISSP All In One (AIO) book, Sixth Edition, Pages 87-88 and Official ISC2 Guide to the CISSP Exam (OIG), Pages 60-61

To determine the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%, we can use the following formula:

Annualized Loss Expectancy (ALE) = ARO x SLE

Where SLE (Single Loss Expectancy) = Asset Value x EF

So, for this scenario:

  • Asset Value = $1,000,000
  • Exposure Factor = 30% (or 0.3)
  • ARO = once every five years (or 0.2)

SLE = Asset Value x EF

SLE = $1,000,000 x 0.3

SLE = $300,000

ALE = ARO x SLE

ALE = 0.2 x $300,000

ALE = $60,000

Therefore, the company should spend at most $60,000 annually on countermeasures to protect the asset from the given threat. The correct answer is C. $60,000.