2. 计算机
  3. The following scenario applies to questions 27 and 28. Sam is the security manager of a company that makes most of its revenue f

The following scenario applies to questions 27 and 28. Sam is the security manager of a company that makes most of its revenue f

admin2013-12-19  59
问题 The following scenario applies to questions 27 and 28.
Sam is the security manager of a company that makes most of its revenue from its intellectual property. Sam has implemented a process improvement program that has been certified by an outside entity. His company received a Level 2 during an appraisal process, and he is putting in steps to increase this to a Level 3. A year ago when Sam carried out a risk analysis, he determined that the company was at too much of a risk when it came to potentially losing trade secrets. The countermeasure his team implemented reduced this risk, and Sam determined that the annualized loss expectancy of the risk of a trade secret being stolen once in a hundred-year period is now $400.
What is the associated single loss expectancy value in this scenario?
选项 A、$65,000
B、$400,000
C、40000
D、4000
答案D
解析 C正确。计算年度损失期望值(ALE)的公式为单一损失期望(SLE)×年度发生率(ARO)=ALE。在这个情景中,如果ALE是$400且ARO为0.01,则SLE为$40 000。
A不正确。因为得到SLE的公式为资产价值×曝光因子=SLE,而ALE是单一损失期望(SLE)×年度发生率(ARO)=ALE。如果某个交易秘密在一百年的时间内被偷一次的风险的ALE为$400,则你只能反向计算得到SLE的值。如果ALE是$400,ARO为0.01,则得到的SLE值为$40 000。
B不正确。因为得到SLE的公式为资产价值×曝光因子=SLE,而ALE是单一损失期望×年度发生率(ARO)=ALE。在这个场景中,某个交易秘密在一百年的时间内被偷一次的风险的ALE为$400,如果ALE是$400,ARO为0.01,则得到的SLE值为$40 000。
D不正确。因为得到SLE的公式为资产价值×曝光因子=SLE,而ALE是单一损失期望×年度发生率(ARO)=ALE。完成这些计算的目的是为了全面理解特定风险的急迫性,并了解实施一种成本有效的对策可以花费多少。
转载请注明原文地址:https://kaotiyun.com/show/UNhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)