Useful Hints on Assignment 5
Exercise 1: (Chapter 6)
To help you better understand the calculations for Exercise 1 of Assignment 5, see below for an explanation on
how to correctly compute the risk rating of an asset.
Using the terminology from Chapter 6 of the textbook, the formula for calculating the risk rating of an asset
can be written as:
Risk rating = I x V x (1.0 - C + U)
where,
I : is Impact value of an asset
V : is Likelihood of vulnerability
C : is Percentage of risks mitigated by controls on the asset (example: Firewall etc.)
U : is Uncertainty of assumptions and data
Worked Example:
Let us see how we can apply this to an example problem. Assume that an organization has three assets A, B, C
as follows:
(1) Asset A: has an impact value of 50, and likelihood of vulnerability is estimated to be 1.0. Also
assume that there are no current controls in place to protect the asset, and there is a 90% certainty
of these assumptions and data. Thus we can write:
I : Impact value of asset is given as 50
V : Likelihood of vulnerability is given as 1.0
C : Assume that there are no current controls in place to protect this asset.
(So, Percentage of risk mitigated by current controls = 0% (i.e. 0))
U : Certainty of assumptions is given as 90%
- so the Uncertainty of assumptions = 10% (i.e. 0.1)
Risk rating for asset A = I x V x (1 – C + U) = (50 x 1.0) x (1.0 - 0 + 0.1) = 55
(2) Asset B: has an impact value of 100, and likelihood of vulnerability is estimated to be 0.5. Also
assume that current controls in place address 50% of the risk, and there is an 80% certainty of
these assumptions and data. Thus we can write:
I : Impact value of asset is given as 100
V : Likelihood of vulnerability is given as 0.5
C : Assume that current controls for this vulnerability address 50% of the risk.
(So, Percentage of risk mitigated by current controls = 50% (= 0.50))
U : Certainty of assumptions is given as 80%
- so Uncertainty of assumptions = 20% (i.e. 0.2)
Risk rating for asset B = I x V x (1 – C + U) = (100 x 0.5) x (1.0 - 0.5 + 0.2) = 35
(3) Asset C: has an impact value of 100, and likelihood of vulnerability is estimated to be 0.1. Also
assume that there are no current controls in place to protect the asset, and there is an 80%
certainty of these assumptions and data. Thus we can write:
I : Impact value of asset is given as 100
V : Likelihood of vulnerability is given as 0.1
C : Assume that there are no current controls in place to protect this asset.
(So, Percentage of risk mitigated by current controls = 0% (i.e. 0))
U : Certainty of assumptions is given as 80%
- so Uncertainty of assumptions = 20% (i.e. 0.2)
Risk rating for asset C = I x V x (1 – C + U) = (100 x 0.1) x (1.0 - 0 + 0.2) = 12
Conclusion: Based on these risk ratings, asset A has the highest
vulnerability score and asset C has the lowest
score. Hence, the vulnerabilities on Asset A should be
addressed first for additional controls, and those of
Asset C should be addressed last.
Exercise 3(a): (Chapter 7)
For this exercise you need to use the data given in the Table to
calculate the SLE, ARO, and ALE for each threat
category listed.
In this exercise, you are given the cost per incident, which
effectively is the SLE. For example, in the Table
given for this exercise, the cost per incident for a Programmer
Mistake is given as $5,000; hence the SLE for
this incident is $5,000.
To compute the ARO for an incident use the hints given below.
And once you know the SLE and the ARO, you
can compute ALE using the formula: ALE = SLE x ARO.
Determining the Annualized Rate of Occurrence (ARO):
The term ARO simply means how many incidents will occur in
one year. If the data is given in other time
intervals such as one per quarter, one every week, one every six
months etc. then you convert that to number
of incidents that will occur in a year to calculate ARO.
Here are some examples to illustrate this:
weeks in a year)
ARO = 4 (since there are 4 quarters in a year)
months in a year)
be 2 incidents)
For example, when you apply this to the first Table entry
(Programmer Mistakes) of Exercise 4, we have:
SLE = $5,000
ARO = 52 (since frequency = 1 incident per week)
--> ALE = SLE x ARO = ($5000) x 52 = $260,000
We can therefore write the first line of the Table as follows:
Threat category       Cost per incident   Frequency    ARO   SLE      ALE
Programmer Mistakes   $5,000              1 per week   52    $5,000   $260,000
Exercise 3(b): (Chapter 7)
In a typical cost-benefit analysis, sometimes it is informative to
determine if the value of protecting an asset is
worth the cost incurred in implementing the control mechanisms
protecting the asset. In Exercise 4 of the
assignment you computed the ALE values for different assets to
determine the expected loss from those
assets if they were compromised.
Exercise 3(b) explores whether the cost-benefits from
implementing protection controls are worthwhile when
compared to the value of the assets being protected. Such
analysis could be performed before implementing a
control or safeguard, or they can be performed after controls
have been in place for a while. To calculate the
cost-benefit of implementing those controls use the equation
given below (as discussed on page 386 in
Chapter 7 of the textbook):
Cost Benefit = ALE(precontrol) – ALE(postcontrol) – ACS
where:
ALE(precontrol) = ALE of the risk before the implementation
of the control
ALE(postcontrol) = ALE after the control has been
implemented
ACS = Annualized Cost of Control
For the data given for each of the assets listed in the table
provided for this exercise, use the above formulae
to compute the Cost Benefit figure for each asset by
determining its SLE, ARO, and ALE for each threat
category listed.
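The ARO, ALE and Cost Benefit steps from Exercises 3(a) and 3(b), carried through as an added Python example (not from the assignment or the textbook). Only the Programmer Mistakes cost and pre-control frequency come from the hints above; the post-control figures, the ACS values, the second row and all function names are constructed for illustration.

```python
import re
from fractions import Fraction

# Periods per year for the intervals the hints mention, plus day and year.
PERIODS_PER_YEAR = {"day": 365, "week": 52, "month": 12, "quarter": 4, "year": 1}
WORDS = {"one": 1, "two": 2, "three": 3, "four": 4, "five": 5, "six": 6}
# Accepts "N per P" and "N every K Ps", e.g. "1 per week", "one every six months".
FREQ = re.compile(r"(\w+) (?:per|every) (?:(\w+) )?(\w+?)s?")

def _num(token):
    if token.isdigit():
        return int(token)
    if token in WORDS:
        return WORDS[token]
    raise ValueError(f"not a number: {token!r}")

def aro(frequency):
    """Annualized Rate of Occurrence: incidents per year for a frequency string."""
    m = FREQ.fullmatch(frequency.strip().lower())
    if not m or m.group(3) not in PERIODS_PER_YEAR:
        raise ValueError(f"unrecognised frequency: {frequency!r}")
    count, every, period = m.groups()
    span = _num(every) if every else 1   # "every six months" -> span of 6 periods
    if span < 1:
        raise ValueError("interval must be at least one period")
    # Exact fraction so rare events (1 every 10 years -> 1/10) are not rounded.
    return Fraction(_num(count) * PERIODS_PER_YEAR[period], span)

def ale(sle, frequency):
    """ALE = SLE x ARO."""
    return sle * aro(frequency)

def cost_benefit(pre, post, acs):
    """ALE(precontrol) - ALE(postcontrol) - ACS; pre/post are (SLE, frequency)."""
    return ale(*pre) - ale(*post) - acs

# (threat, pre-control, post-control, ACS). Constructed sample data, except the
# Programmer Mistakes pre-control cost and frequency, which are from the hints.
ROWS = [
    ("Programmer Mistakes", (5000, "1 per week"), (5000, "1 per month"), 20000),
    ("Constructed threat", (2500, "1 per quarter"), (2500, "one every six months"), 15000),
]

def report(rows):
    return [(n, ale(*pre), ale(*post), cost_benefit(pre, post, acs))
            for n, pre, post, acs in rows]

if __name__ == "__main__":
    for name, a_pre, a_post, cb in report(ROWS):
        verdict = "control pays for itself" if cb > 0 else "control costs more than it saves"
        print(f"{name:20} ALE pre {float(a_pre):>9,.0f}  post {float(a_post):>8,.0f}  "
              f"CB {float(cb):>9,.0f}  {verdict}")
```

A negative Cost Benefit, as in the second constructed row, means the annual cost of the control exceeds the loss it prevents.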