You have been asked by Elway Business Services Inc. to evaluate the possible financial loss that could be accrued by threats to its servers. You decide to use the ALE equation to estimate this cost. As a starting point, EBS provides the following inventory of its servers:
- 15 Windows servers
- 5 Linux servers
1. You need more information to calculate the value of the 20 servers. Compile a list of questions you can use to determine the overall TCO, internal value and external value of these servers.
2. If all EBS servers must be running on 8,700 hours per year, what is the EF for the following list of attacks:
- Theft to servers
- Virus that shuts down the server for 13 hours
- Attack that keeps the server off-line for 35 hours to rebuild
3. For each attach listed in question 2 (above) what additional information would you require from EBS to estimate the annualized rate of occurrence for each attack.
4. Assume the following information for one EBS server: the total asset value is $250,000, the EF from a Web site attack is 0.4 % and the ARO is once per year. Assuming there are five identical servers that have the exact same asset value, EF, and ARO, what is the total ALE to EBS for those five servers?