
MoD: SparQ Created Date: 15/09/2019 SC: INTERNAL

How SparQ determines risk, likelihood and threat rating

Contents
Risk Identification
Asset Value
Single Loss Expectancy
Likelihood table
Annual Loss Expectancy
Consequences/Impact table
Threat Rating

Risk Identification
To detect risk in each of SparQ's departments, we have developed threat
scenarios for each department. The heads of department (HoDs) took on this
responsibility by simulating threat scenarios on their own information assets. A
process has been created to assist the HoDs:

1. Developing threat scenarios
2. Identifying threats and vulnerabilities
3. Clarifying type of threat
4. Determining threat vector
5. Determining the impact

3. Clarifying type of threat
Determine whether a threat is the consequence of an accidental or an intentional
activity.

4. Determining threat vector
Where does the threat come from: internally, externally, or both?
5. Determining the impact
The HoD determines which part of the Information Security triad
(Confidentiality, Integrity, Availability) the threat impacts.

Asset Value
The Asset Value (AV) of every information asset (both tangible and
intangible) will be provided by the accounting department.

Information Asset          Owner   Type of Asset   Estimated Asset Value (AV) $
Meeting Of Minute (MoM)    CEO     Intangible      $100,000.00
Legal paper documents      CEO     Intangible      $200,000.00
Technical Logs             TM      Intangible      $100,000.00
Technical Procedures       TM      Intangible      $70,000.00
Employee Database          HRM     Intangible      $200,000.00
Payroll Database           HRM     Intangible      $300,000.00
Inspection reports         MGF     Intangible      $90,000.00
Analysis reports           MGF     Intangible      $60,000.00
Quality control reports    MFG     Intangible      $100,000.00
Financial report           CFO     Intangible      $200,000.00
Accounting Data            CFO     Intangible      $150,000.00
Server                     CISO    Tangible        $50,000.00
Risk Register              CISO    Intangible      $100,000.00

Single Loss Expectancy

To calculate the Single Loss Expectancy (SLE), we have developed an Excel
sheet that helps to determine the percentage of an information asset lost to the
identified threats, the Exposure Factor (EF).

By applying the formula SLE = Asset Value (AV) * Exposure Factor (EF), we arrive
at the list of SLEs for each department.

Likelihood table
A likelihood table has been developed with five levels: 1 (Almost Certain), 2
(Likely), 3 (Possible), 4 (Unlikely), 5 (Rare). In addition, the frequency of
occurrence (ARO) is integrated into the likelihood table to help HoDs choose the
ARO that fits their threat scenarios.

Annual Loss Expectancy

After we determine the SLE and ARO, we calculate the Annual Loss
Expectancy (ALE) using the formula: ALE = SLE * ARO.
Consequences/Impact table
A consequence/impact table has been developed to determine the threat rating. It
has five ratings: 5 (Insignificant), 4 (Minor), 3 (Moderate), 2 (Major) and 1
(Extreme).

Threat Rating

NOT VALID FOR REFERENCE

By mapping the two values, Likelihood and ALE, this table helps us to determine the
right risk rating for each threat.
For example: threat ID #101 of the CEO's department has an ARO of 0.3, which
matches level 4 (Unlikely) in the likelihood table. The ALE of threat ID #101
is $15,000, which matches rating 4 (Minor) in the consequence table. By using
the above "Likelihood&Impact" table, we can map the threat rating: 4 x 4 means
Minor.

Update after consultation with Milton: We will use the Consequence Table to justify
the Risk of an Information Asset.
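
Added example (not part of the original document): a small risk-register calculator that carries a threat scenario through SLE = AV * EF and ALE = SLE * ARO, then looks up the likelihood level and consequence rating on the inverted 1-to-5 scales described above. The band thresholds, the EF values, the asset chosen for threat #101 and threats #201 and #301 are assumptions, picked so that #101 reproduces the ARO 0.3 and $15,000 ALE quoted in the text.

```python
from dataclasses import dataclass

# ASSUMED bands: the page's likelihood and consequence tables did not survive,
# so these thresholds are illustrative, chosen to agree with threat #101.
LIKELIHOOD = [(10.0, 1, "Almost Certain"), (1.0, 2, "Likely"),
              (0.5, 3, "Possible"), (0.1, 4, "Unlikely"), (0.0, 5, "Rare")]
CONSEQUENCE = [(500_000, 1, "Extreme"), (100_000, 2, "Major"),
               (50_000, 3, "Moderate"), (10_000, 4, "Minor"),
               (0, 5, "Insignificant")]

@dataclass
class Threat:
    threat_id: int
    asset: str
    asset_value: float      # AV in $
    exposure_factor: float  # EF: fraction of the asset lost, 0..1
    aro: float              # annual rate of occurrence

def band(value, bands):
    """Return (level, label) of the first band whose minimum <= value."""
    for minimum, level, label in bands:
        if value >= minimum:
            return level, label
    raise ValueError(f"value below every band: {value}")

def assess(t):
    if not 0.0 <= t.exposure_factor <= 1.0:
        raise ValueError("EF must be a fraction between 0 and 1")
    if t.asset_value < 0 or t.aro < 0:
        raise ValueError("AV and ARO cannot be negative")
    sle = t.asset_value * t.exposure_factor  # SLE = AV * EF
    ale = sle * t.aro                        # ALE = SLE * ARO
    return {"id": t.threat_id, "sle": sle, "ale": ale,
            "likelihood": band(t.aro, LIKELIHOOD),
            "consequence": band(ale, CONSEQUENCE)}

def register(threats):
    """Assess every threat; worst consequence rating (1 = Extreme) first."""
    return sorted((assess(t) for t in threats),
                  key=lambda r: (r["consequence"][0], -r["ale"]))

# Constructed scenarios: AVs come from the asset table; the EFs, the asset
# behind #101 and threats #201/#301 are assumptions for illustration.
SAMPLE = [Threat(101, "Meeting Of Minute (MoM)", 100_000, 0.5, 0.3),
          Threat(201, "Payroll Database", 300_000, 0.4, 1.0),
          Threat(301, "Server", 50_000, 0.1, 0.05)]

if __name__ == "__main__":
    for row in register(SAMPLE):
        print(row)
```

Rejecting an EF outside 0..1 catches the common spreadsheet slip of entering 50 instead of 0.5, which would inflate the ALE a hundredfold and push the threat into the wrong consequence band.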
