
Annualized Rate Occurrence (ARO):
Annualized Rate Occurrence is the estimated frequency at which a given threat is expected to happen.
ARO can be calculated by using the following formula:
Annualized Loss Expectancy (ALE):
Annualized loss expectancy is the loss expected from the attack of a specific information asset which has been carried over for a year. It is a product of single loss expectancy and the annualized rate of occurrence.
ALE can be calculated by using the following formula:

Explanation of Solution
Calculate ARO for Programmer mistakes:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per week)” as “7” in the equation (1).
Hence, the ARO for programmer mistakes is “52 (approximately)”.
Calculate ARO for Loss if intellectual property:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per year)” as “365” in the equation (1).
Hence, the ARO for Loss if intellectual property is “1 (approximately)”.
Calculate ARO for Software Piracy:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per week)” as “7” in the equation (1).
Hence, the ARO for Software Piracy is “52 (approximately)”.
Calculate ARO for Theft of information (hacker):
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per quarter)” as “
Hence, the ARO for Theft of information (hacker) is “4 (approximately)”.
Calculate ARO for Theft of information (employee):
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 6 months)” as “
Hence, the ARO for Theft of Theft of information (employee) is “2 (approximately)”.
Calculate ARO for Web defacement:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per months)” as “
Hence, the ARO for Web defacement is “12 (approximately)”.
Calculate ARO for Theft of equipment:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per year)” as “365” in the equation (1).
Hence, the ARO for Theft of equipment is “1 (approximately)”.
Calculate ARO for Viruses, worms, Trojan Horses:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per week)” as “7” in the equation (1).
Hence, the ARO for Viruses, worms, Trojan Horses is “52 (approximately)”.
Calculate ARO for Denial-of-service attacks:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per quarter)” as “
Hence, the ARO for Denial-of-service attacks is “4 (approximately)”.
Calculate ARO for Earthquake:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 20 years)” as “
Hence, the ARO for Earthquake is “0.05 (approximately)”.
Calculate ARO for Food:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 10 years)” as “
Hence, the ARO for Food is “0.1 (approximately)”.
Calculate ARO for Fire:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 10 years)” as “
Hence, the ARO for Fire is “0.1 (approximately)”.
Calculate ALE for Programmer mistakes:
Substitute the value of “SLE” as “5000” and “ARO” as “52” in the equation (2).
Hence, the ALE for programmer mistakes is “260000”.
Calculate ALE for Loss if intellectual property:
Substitute the value of “SLE” as “75000” and “ARO” as “1” in the equation (2).
Hence, the ALE for Loss if intellectual property is “75000”.
Calculate ALE for Software Piracy:
Substitute the value of “SLE” as “500” and “ARO” as “52” in the equation (2).
Hence, the ALE for Software Piracy is “26000”.
Calculate ALE for Theft of information(hacker):
Substitute the value of “SLE” as “2500” and “ARO” as “4” in the equation (2).
Hence, the ALE for Theft of information (hacker)is “10000”.
Calculate ALE for Theft of information (employee)
Substitute the value of “SLE” as “5000” and “ARO” as “2” in the equation (2).
Hence, the ALE for Theft of information (employee) is “10000”.
Calculate ALE for Web defacement:
Substitute the value of “SLE” as “500” and “ARO” as “12” in the equation (2).
Hence, the ALE for Web defacement is “6000”.
Calculate ALE for Theft of equipment:
Substitute the value of “SLE” as “5000” and “ARO” as “1” in the equation (2).
Hence, the ALE for Theft of equipment is “6000”.
Calculate ALE for Viruses, worms, Trojan Horses:
Substitute the value of “SLE” as “1500” and “ARO” as “52” in the equation (2).
Hence, the ALE for Viruses, worms, Trojan Horses is “78000”.
Calculate ALE for Denial-of-service attacks:
Substitute the value of “SLE” as “2500” and “ARO” as “4” in the equation (2).
Hence, the ALE for Denial-of-service attacks is “10000”.
Calculate ALE for Earthquake:
Substitute the value of “SLE” as “250000” and “ARO” as “0.05” in the equation (2).
Hence, the ALE for Earthquake is “12500”.
Calculate ALE for Food:
Substitute the value of “SLE” as “250000” and “ARO” as “0.1” in the equation (2).
Hence, the ALE for Food is “25000”.
Calculate ALE for Fire:
Substitute the value of “SLE” as “500000” and “ARO” as “0.1” in the equation (2).
Hence, the ALE for Fire is “50000”.
ARO and ALE table for all the threat cost is given below:
ARO and ALE threat cost | ARO | ALE |
Programmer mistakes | 52 | $260,000 |
Loss if intellectual property | 1 | $75,000 |
Software Piracy | 52 | $26,000 |
Theft of information(hacker) | 4 | $10,000 |
Theft of information (employee) | 2 | $10,000 |
Web defacement | 12 | $6,000 |
Theft of equipment | 1 | $5,000 |
Viruses, worms, Trojan Horses | 52 | $78,000 |
Denial-of-service attacks | 4 | $10,000 |
Earthquake | 0.05 | $12,500 |
Food | 0.1 | $25,000 |
Fire | 0.1 | $50,000 |
Want to see more full solutions like this?
Chapter 5 Solutions
Principles of Information Security
- How do the concepts of balancing and leveling affect the process of creating a data model of a system? thanksarrow_forwardwhat is the relationship between a Context Diagram and Diagram 0 in the DFD process. I need to Use an examplearrow_forwardWord Processing The assignment is a newsletter for your friends and family to let them know what’s going on in your life. Your document cannot contain profanity or obscene material—this is a business assignment. The minimum requirements for your newsletter are listed below. It should contain: 2 – 4 pages Your name A title using WordArt with one or more effects applied Articles with formatted titles using a font and color different than that of the article text A section of at least 2 columns Headers and page numbers on all pages except the first page. A bulleted or numbered list A relevant picture or clip art A formatted table Tabs with leaders going to the tabbed items At least one Sidebar Your name as the document author Boldface, italicized, and underlined text A paragraph with justified margins that is shaded and has a border A paragraph with different line spacing than the rest of the document A left, right, or both indented paragraph NOTE: If providing information from outside…arrow_forward
- You are designing a set of firewall rules for server subnet. You have a Web server that constantly gets high volume of traffic from both internal and public clients, a file server that gets moderate use during regular business hours, a VPN appliance used by sales team when they have occasional travels, and an application server for custom apps served on internal network. Describe the firewall rules you would create and the order in which you would place them. Explain why.arrow_forwardPlease original work In the progression from raw data to actionable knowledge, business analysts play a crucial role in transforming and interpreting data to support strategic decision-making. What do you think are the most important skills a business analyst needs to effectively navigate the transition from data to information and then to knowledge? How can organizations ensure that analysts are equipped to extract meaningful insights that drive informed decisions? Share examples or insights from your own experiences or studies. Please cite in text references and add weblinksarrow_forwardResearch enterprise network services commonly performed by Linux servers. Choose 3 and describe their function, as well as why they are typically set up on Linux machines.arrow_forward
- The term color tone refers to the "temperature" of a photo. Question 17Select one: True Falsearrow_forwardYou cannot add 3-dimensional effects to a shape. Question 18Select one: True Falsearrow_forwardWhich gallery shows available shapes for WordArt text? Question 10Select one: a. Transform b. Shape Styles c. Themes d. WordArt Stylesarrow_forward
- When you press [Shift][Ctrl] while dragging a corner sizing handle on a graphic, the graphic is ____. Question 9Select one: a. resized while keeping the center position fixed and maintaining its proportions b. resized proportionally c. re-positioned diagonally d. resized diagonally while changing proportionallyarrow_forwardWhat is the term used to describe trimming away part of a graphic to expose only some of it? Question 8Select one: a. Resizing b. Hiding c. Cropping d. Scalingarrow_forwardTo insert a SmartArt graphic in a document, click the SmartArt button in the _____ group on the Insert tab. Question 6Select one: a. Text b. Shapes c. Illustrations d. Pagesarrow_forward
- Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781285867168Author:Ralph Stair, George ReynoldsPublisher:Cengage LearningInformation Technology Project ManagementComputer ScienceISBN:9781337101356Author:Kathy SchwalbePublisher:Cengage Learning
- Information Technology Project ManagementComputer ScienceISBN:9781285452340Author:Kathy SchwalbePublisher:Cengage LearningPrinciples of Information Systems (MindTap Course...Computer ScienceISBN:9781305971776Author:Ralph Stair, George ReynoldsPublisher:Cengage LearningCOMPREHENSIVE MICROSOFT OFFICE 365 EXCEComputer ScienceISBN:9780357392676Author:FREUND, StevenPublisher:CENGAGE L




