
Annualized Rate Occurrence (ARO):
Annualized Rate Occurrence is the estimated frequency at which a given threat is expected to happen.
ARO can be calculated by using the following formula:
Annualized Loss Expectancy (ALE):
Annualized loss expectancy is the loss expected from the attack of a specific information asset which has been carried over for a year. It is a product of single loss expectancy and the annualized rate of occurrence.
ALE can be calculated by using the following formula:

Explanation of Solution
Calculate ARO for Programmer mistakes:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per week)” as “7” in the equation (1).
Hence, the ARO for programmer mistakes is “52 (approximately)”.
Calculate ARO for Loss if intellectual property:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per year)” as “365” in the equation (1).
Hence, the ARO for Loss if intellectual property is “1 (approximately)”.
Calculate ARO for Software Piracy:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per week)” as “7” in the equation (1).
Hence, the ARO for Software Piracy is “52 (approximately)”.
Calculate ARO for Theft of information (hacker):
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per quarter)” as “
Hence, the ARO for Theft of information (hacker) is “4 (approximately)”.
Calculate ARO for Theft of information (employee):
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 6 months)” as “
Hence, the ARO for Theft of Theft of information (employee) is “2 (approximately)”.
Calculate ARO for Web defacement:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per months)” as “
Hence, the ARO for Web defacement is “12 (approximately)”.
Calculate ARO for Theft of equipment:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per year)” as “365” in the equation (1).
Hence, the ARO for Theft of equipment is “1 (approximately)”.
Calculate ARO for Viruses, worms, Trojan Horses:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per week)” as “7” in the equation (1).
Hence, the ARO for Viruses, worms, Trojan Horses is “52 (approximately)”.
Calculate ARO for Denial-of-service attacks:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per quarter)” as “
Hence, the ARO for Denial-of-service attacks is “4 (approximately)”.
Calculate ARO for Earthquake:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 20 years)” as “
Hence, the ARO for Earthquake is “0.05 (approximately)”.
Calculate ARO for Food:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 10 years)” as “
Hence, the ARO for Food is “0.1 (approximately)”.
Calculate ARO for Fire:
Substitute the value of “One year” as “365” and “Frequency of occurrence (One per 10 years)” as “
Hence, the ARO for Fire is “0.1 (approximately)”.
Calculate ALE for Programmer mistakes:
Substitute the value of “SLE” as “5000” and “ARO” as “52” in the equation (2).
Hence, the ALE for programmer mistakes is “260000”.
Calculate ALE for Loss if intellectual property:
Substitute the value of “SLE” as “75000” and “ARO” as “1” in the equation (2).
Hence, the ALE for Loss if intellectual property is “75000”.
Calculate ALE for Software Piracy:
Substitute the value of “SLE” as “500” and “ARO” as “52” in the equation (2).
Hence, the ALE for Software Piracy is “26000”.
Calculate ALE for Theft of information(hacker):
Substitute the value of “SLE” as “2500” and “ARO” as “4” in the equation (2).
Hence, the ALE for Theft of information (hacker)is “10000”.
Calculate ALE for Theft of information (employee)
Substitute the value of “SLE” as “5000” and “ARO” as “2” in the equation (2).
Hence, the ALE for Theft of information (employee) is “10000”.
Calculate ALE for Web defacement:
Substitute the value of “SLE” as “500” and “ARO” as “12” in the equation (2).
Hence, the ALE for Web defacement is “6000”.
Calculate ALE for Theft of equipment:
Substitute the value of “SLE” as “5000” and “ARO” as “1” in the equation (2).
Hence, the ALE for Theft of equipment is “6000”.
Calculate ALE for Viruses, worms, Trojan Horses:
Substitute the value of “SLE” as “1500” and “ARO” as “52” in the equation (2).
Hence, the ALE for Viruses, worms, Trojan Horses is “78000”.
Calculate ALE for Denial-of-service attacks:
Substitute the value of “SLE” as “2500” and “ARO” as “4” in the equation (2).
Hence, the ALE for Denial-of-service attacks is “10000”.
Calculate ALE for Earthquake:
Substitute the value of “SLE” as “250000” and “ARO” as “0.05” in the equation (2).
Hence, the ALE for Earthquake is “12500”.
Calculate ALE for Food:
Substitute the value of “SLE” as “250000” and “ARO” as “0.1” in the equation (2).
Hence, the ALE for Food is “25000”.
Calculate ALE for Fire:
Substitute the value of “SLE” as “500000” and “ARO” as “0.1” in the equation (2).
Hence, the ALE for Fire is “50000”.
ARO and ALE table for all the threat cost is given below:
ARO and ALE threat cost | ARO | ALE |
Programmer mistakes | 52 | $260,000 |
Loss if intellectual property | 1 | $75,000 |
Software Piracy | 52 | $26,000 |
Theft of information(hacker) | 4 | $10,000 |
Theft of information (employee) | 2 | $10,000 |
Web defacement | 12 | $6,000 |
Theft of equipment | 1 | $5,000 |
Viruses, worms, Trojan Horses | 52 | $78,000 |
Denial-of-service attacks | 4 | $10,000 |
Earthquake | 0.05 | $12,500 |
Food | 0.1 | $25,000 |
Fire | 0.1 | $50,000 |
Want to see more full solutions like this?
Chapter 5 Solutions
Principles of Information Security (MindTap Course List)
- using r languagearrow_forwardI need help in explaining how I can demonstrate how the Laplace & Inverse transformations behaves in MATLAB transformation (ex: LIke in graph or something else)arrow_forwardYou have made the Web solution with Node.js. please let me know what problems and benefits I would experience while making the Web solution here, as compared to any other Web solution you have developed in the past. what problems and benefits/things to keep in mind as someone just learningarrow_forward
- PHP is the server-side scripting language. MySQL is used with PHP to store all the data. EXPLAIN in details how to install and run the PHP/MySQL on your computer. List the issues and challenges I may encounter while making this set-up? why I asked: I currently have issues logging into http://localhost/phpmyadmin/ and I tried using the command prompt in administrator to reset the password but I got the error LOCALHOST PORT not found.arrow_forwardHTML defines content, CSS defines layout, and JavaScript adds logic to the website on the client side. EXPLAIN IN DETAIL USING an example.arrow_forwardusing r languangearrow_forward
- Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781285867168Author:Ralph Stair, George ReynoldsPublisher:Cengage LearningInformation Technology Project ManagementComputer ScienceISBN:9781337101356Author:Kathy SchwalbePublisher:Cengage Learning
- Information Technology Project ManagementComputer ScienceISBN:9781285452340Author:Kathy SchwalbePublisher:Cengage LearningPrinciples of Information Systems (MindTap Course...Computer ScienceISBN:9781305971776Author:Ralph Stair, George ReynoldsPublisher:Cengage LearningCOMPREHENSIVE MICROSOFT OFFICE 365 EXCEComputer ScienceISBN:9780357392676Author:FREUND, StevenPublisher:CENGAGE L




