If included, you will receive a customised analysis for your
organisation. The results will be kept confidential. If you are
hesitant to fill in the details, either remain anonymous or contact me on
Company Name (optional)
E-Mail address (optional)
These values are a rough estimate of the perceived value of
intangible IT assets. You may want to consult your Financial
Controller if you are not sure.
Total Value of IT Assets ($)
Include the perceived value of all IT Assets, even those that
are not part of the assets that are at risk. Confused about this term?
Read more here.
Total Value of IT Assets at Stake (% of Total Assets)
The percentage of the assets at risk. If your on-line
portion is a small percentage of the total IT infrastructure, put a small
percentage. Refer to the organisational model
if you are confused.
Confidentiality and Integrity Loss (% of Assets at Stake)
The percentage of Assets at Stake that would be lost in one attack, e.g. if data is stolen or the
integrity of data is compromised.
These values are a rough estimate of the perceived
vulnerabilities of your IT assets.
Probability that there is a Vulnerability in your Information Assets (0-1)
This figure would normally be the result of research on your
particular system. If you do not know it, leave the default.
Cost to Fix Vulnerabilities (Patches, Updates, Upgrades - $ per month)
This is the total cost per month that you will be charged by
the IT people and suppliers to fix vulnerabilities in your IT systems.
Cost to Breach Vulnerabilities (one-time - $)
This is the amount that a hacker would have to spend to
actually exploit a vulnerability of your system. If you are unsure about this
figure, leave the default value.
Include the total cost of any defence mechanisms such as
antivirus systems, firewalls, intrusion detection systems.
Cost to Build (One time - $)
The total cost including hardware and software of the
infrastructure that currently defends your organisation's IT assets.
Cost to Maintain (Annual - $)
Include the maintenance costs that you pay or plan to pay on
the defence mechanisms. Include the wages paid to your IT Security
personnel if you think these are relevant.
These values are a rough estimate of the perceived threats to
your IT assets.
Cost to Break (One-time - $)
Include the cost that an attacker will have to incur to break
into your defence mechanisms. If unsure, please leave this
field at its default.
Probability that there is a Threat to your System in One Month (0-1)
Depending on the attractiveness of your site and on your
firewall and IDS logs, you may have a gut feeling for the probability that your
site will be attacked.
Disaster and Recovery
Loss of Revenue if IT Assets are compromised ($ per hour of downtime)
If you are working on an e-commerce site, this may be related
to the average number of sales per hour that you have transacted on this
website. If you do not use the website to conduct e-commerce, then you
might want to put zero.
Cost to Rebuild Lost IT Assets (Total Man-hour rate - $/h)
This is the total cost per hour that you will be charged by
the IT people to restore lost information from backups or to fix the damage
done to the IT assets.
Total Expected Down Time (Annual - h)
This will be dictated by the Service Level Agreement (SLA)
that you have with the organisation in question. If unsure, enter the
maximum tolerable downtime period that you expect. For 99%
availability, this will be 87.6 hours.
These figures relate to what you or your financial controller
has budgeted for IT this year.
Value of IT budget (Annual - $)
The total annual IT budget for the current year.
Value of IT security budget (Annual - $)
The IT security budget including any maintenance costs or any
licences that you will pay in the coming year (including any fees that are
provisional should an attack be successful on your site).