This project uses spreadsheet software to calculateanticipated annual losses from various security threats identified for a smallcompany. Mercer Paints is a paint manufacturing company located in Alabama thatuses a network to link its business operations. A security risk assessmentrequested by management identified a number of potential exposures. Theseexposures, their associated probabilities, and average losses are summarized ina table, which can be found in this learning module. Use the table to answerthe following questions:
â¢ In addition to the potential exposures listed, identify atleast three other potential threats to Mercer Paints, assign probabilities, andestimate a loss range.
â¢ Use spreadsheet software and the risk assessment data tocalculate the expected annual loss for each exposure.
â¢ Present your findings in the form of a chart. Whichcontrol points have the greatest vulnerability? What recommendations would youmake to Mercer Paints? Prepare a written report that summarizes your findingsand recommendations.
Setting securitypolicies and procedures really means developing a plan for how to deal withcomputer security. One way to approach this task is:
Â·Look at what you are trying to protect.
Â·Look at what you need to protect it from.
Â·Determine how likely the threats are.
Â·Implement measures that will protect your assetsin a cost-effective manner.
Â·Review the process continuously, and improvethings every time a weakness is found.
Reports should focus most on the last two steps, but the first threeare critically important to making effective decisions about security. One oldtruism in security is that the cost of protecting yourself against a threatshould be less than the cost of recovering if the threat were to strike you.Without reasonable knowledge of what you are protecting and what the likelythreats are, following this rule could be difficult.
Improving Decision Making: Using Spreadsheet Software to Perform a Security Risk Assessment
Mercer Paints Risk Assessment
Probability of Occurrence (%)
Average Loss ($)
Threats from hackers
Improper use by employees
Hands-on MIS Security Vulnerabilities and Risk Assessment Tables
Management Decision Problem 2
SECURITY VULNERABILITIES BY TYPE OF COMPUTING PLATFORM
Platform Number of High Medium Low Total
Computers Risk Risk Risk Vulnerabilities
(corporate applications) 111 37 19
Windows 8 Enterprise
(high-level administrators) 3 56 242 87
Linux (e-mail and printing services) 1 3 154 98
Sun Solaris (UNIX)
(E-commerce and Web servers) 2 12 299 78
Windows 8 Enterprise user
desktops and laptops with office19514161,237
productivity tools that can also be
linked to the corporate network
running corporate applications and