Course Hero Logo

If the threat event is initiated or occurs it is

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 72 - 76 out of 87 pages.

If the threat event isinitiated or occurs, it ishighly likely to haveadverse impacts.Moderate21-79Adversary is somewhatlikely to initiate thethreat event.Error, accident, or act ofnature is somewhat likelyto occur; or occursbetween 1-10 times ayear.If the threat event isinitiated or occurs, it issomewhat likely to haveadverse impacts.Low5-20Adversary is unlikely toinitiate the threat event.Error, accident, or act ofnature is unlikely tooccur; or occurs less thanonce a year, but morethan once every 10 years.If the threat event isinitiated or occurs, it isunlikely to have adverseimpacts.Very Low0-4Adversary is highlyunlikely to initiate thethreat event.Error, accident, or act ofnature is highly unlikelyto occur; or occurs lessthan once every 10 years.If the threat event isinitiated or occurs, it ishighly unlikely to haveadverse impacts.
LossCategoryLossFactorsForms of LossPrimaryLossAsset: Includes thevalue/liabilitycharacteristics of an assetand the volume of assetsat riskThreat: Includes type ofaction, whether internalor external, and threatcompetence.Productivity: The reduction in an organization’sability to generate its primary value proposition(e.g., income, goods, services, etc.).Response: Associated with managing a loss event(e.g., internal or external person-hours, logisticalexpenses, etc.).Replacement: The intrinsic value of an asset.Typically represented as the capital expenseassociated with replacing lost or damaged assets(e.g., rebuilding a facility, purchasing a replacementlaptop, etc.).SecondaryLoss•Secondaryloss eventfrequency•SecondarylossmagnitudeOrganization: Includestiming, due diligence,type of response, anddetection capability.External: Entities thatcan inflict a secondaryform of harm upon theorganization as aconsequence of an event.Competitive advantage: Losses associated withdiminished competitive advantage; associated withassets that provide competitive differentiationbetween the organization and its competition.Examples include trade secrets, merger andacquisition plans, etc.Fines/judgments: Legal or regulatory actionslevied against an organization.Reputation: Associated with an external perceptionthat an organization’s value proposition is reducedor leadership is incompetent, criminal, or unethical.Table 3.10FAIR LossCategories(Table is found on page 123 in the textbook)
VALUEPROPOSITIONA statement thatidentifies clear,measurable, anddemonstrable benefits toconsumers when theybuy a particular productor service. The valueproposition shouldconvince consumers thatthis product or service isbetter than others on themarket
ESTIMATING THE PRIMARYLOSSThe FAIR impact (referred to asloss) begins with determining theprimary loss suffered as the result of the eventThere are two aspects to this assessment:Asset factors:The value of the asset under threatThreat factors:Threat factors that contribute to the lossThe next step is to determine what threat action might apply to this

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 87 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Summer
Professor
NoProfessor
Tags

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture