SlideShare une entreprise Scribd logo

Risk Management Insight FAIR(FACTOR ANA.docx

Télécharger en tant que DOCX, PDF
M
madlynplamondon

Risk Management Insight FAIR (FACTOR ANALYSIS OF INFORMATION RISK) Basic Risk Assessment Guide FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC NOTE: Before using this assessment guide… Using this guide effectively requires a solid understanding of FAIR concepts ‣ As with any high-level analysis method, results can depend upon variables that may not be accounted for at this level of abstraction ‣ The loss magnitude scale described in this section is adjusted for a specific organizational size and risk capacity. Labels used in the scale (e.g., “Severe”, “Low”, etc.) may need to be adjusted when analyzing organizations of different sizes ‣ This process is a simplified, introductory version that may not be appropriate for some analyses Basic FAIR analysis is comprised of ten steps in four stages: Stage 1 – Identify scenario components 1. Identify the asset at risk 2. Identify the threat community under consideration Stage 2 – Evaluate Loss Event Frequency (LEF) 3. Estimate the probable Threat Event Frequency (TEF) 4. Estimate the Threat Capability (TCap) 5. Estimate Control strength (CS) 6. Derive Vulnerability (Vuln) 7. Derive Loss Event Frequency (LEF) Stage 3 – Evaluate Probable Loss Magnitude (PLM) 8. Estimate worst-case loss 9. Estimate probable loss Stage 4 – Derive and articulate Risk 10. Derive and articulate Risk Risk Loss Event Frequency Probable Loss Magnitude Threat Event Frequency Vulnerability Contact Action Control Strength Threat Capability Primary Loss Factors Secondary Loss Factors Asset Loss Factors Threat Loss Factors Organizational Loss Factors External Loss Factors FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 1 – Identify Scenario Components Step 1 – Identify the Asset(s) at risk In order to estimate the control and value characteristics within a risk analysis, the analyst must first identify the asset (object) under evaluation. If a multilevel analysis is being performed, the analyst will need to identify and evaluate the primary asset (object) at risk and all meta-objects that exist between the primary asset and the threat community. This guide is intended for use in simple, single level risk analysis, and does not describe the additional steps required for a multilevel analysis. Asset(s) at risk: ______________________________________________________ Step 2 – Identify the Threat Community In order to estimate Threat Event Frequency (TEF) and Threat Capability (TCap), a specific threat community must first be identified. At minimum, when evaluating the risk associated with malicious acts, the analyst has to decide whether the threat community is human or malware, and internal or external. In most circumstances, it’s appropriate to define the threat community more specifically – e.g., network engineers, cleaning crew, etc., and characterize the ex.

Formation
1  sur  19
Risk Management Insight FAIR (FACTOR ANALYSIS OF INFORMATION RISK) Basic Risk Assessment Guide FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC NOTE: Before using this assessment guide… Using this guide effectively requires a solid understanding of FAIR concepts ‣ As with any high-level analysis method, results can depend upon variables that may not be accounted for at this level of abstraction ‣ The loss magnitude scale described in this section is adjusted for a specific organizational size and risk capacity. Labels used in the scale (e.g., “Severe”, “Low”, etc.) may need to be adjusted when analyzing organizations of different sizes ‣ This process is a simplified, introductory version that may not be appropriate for some analyses
Basic FAIR analysis is comprised of ten steps in four stages: Stage 1 – Identify scenario components 1. Identify the asset at risk 2. Identify the threat community under consideration Stage 2 – Evaluate Loss Event Frequency (LEF) 3. Estimate the probable Threat Event Frequency (TEF) 4. Estimate the Threat Capability (TCap) 5. Estimate Control strength (CS) 6. Derive Vulnerability (Vuln) 7. Derive Loss Event Frequency (LEF) Stage 3 – Evaluate Probable Loss Magnitude (PLM) 8. Estimate worst-case loss 9. Estimate probable loss Stage 4 – Derive and articulate Risk 10. Derive and articulate Risk Risk Loss Event Frequency Probable Loss
Magnitude Threat Event Frequency Vulnerability Contact Action Control Strength Threat Capability Primary Loss Factors Secondary Loss Factors Asset Loss Factors Threat Loss Factors Organizational Loss Factors External Loss Factors FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC
Stage 1 – Identify Scenario Components Step 1 – Identify the Asset(s) at risk In order to estimate the control and value characteristics within a risk analysis, the analyst must first identify the asset (object) under evaluation. If a multilevel analysis is being performed, the analyst will need to identify and evaluate the primary asset (object) at risk and all meta-objects that exist between the primary asset and the threat community. This guide is intended for use in simple, single level risk analysis, and does not describe the additional steps required for a multilevel analysis. Asset(s) at risk: _____________________________________________________ _ Step 2 – Identify the Threat Community In order to estimate Threat Event Frequency (TEF) and Threat Capability (TCap), a specific threat community must first be identified. At minimum, when evaluating the risk associated with malicious acts, the analyst has to decide whether the threat community is human or malware, and internal or external. In most circumstances, it’s appropriate to define the
threat community more specifically – e.g., network engineers, cleaning crew, etc., and characterize the expected nature of the community. This document does not include guidance in how to perform broad-spectrum (i.e., multi-threat community) analyses. Threat community: _____________________________________________________ _ Characterization FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 2 – Evaluate Loss Event Frequency Step 3 – Threat Event Frequency (TEF) The probable frequency, within a given timeframe, that a threat agent will act against an asset Contributing factors: Contact Frequency, Probability of Action Very High (VH) > 100 times per year High (H) Between 10 and 100 times per year Moderate (M) Between 1 and 10 times per year
Low (L) Between .1 and 1 times per year Very Low (VL) < .1 times per year (less than once every ten years) Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 4 – Threat Capability (Tcap) The probable level of force that a threat agent is capable of applying against an asset Contributing factors: Skill, Resources Very High (VH) Top 2% when compared against the overall threat population High (H) Top 16% when compared against the overall threat population Moderate (M) Average skill and resources (between bottom 16% and top 16%) Low (L) Bottom 16% when compared against the overall threat population Very Low (VL) Bottom 2% when compared against the overall
threat population Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 5 – Control strength (CS) The expected effectiveness of controls, over a given timeframe, as measured against a baseline level of force Contributing factors: Strength, Assurance Very High (VH) Protects against all but the top 2% of an avg. threat population High (H) Protects against all but the top 16% of an avg. threat population Moderate (M) Protects against the average threat agent Low (L) Only protects against bottom 16% of an avg. threat population Very Low (VL) Only protects against bottom 2% of an avg. threat population Rationale
FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 6 – Vulnerability (Vuln) The probability that an asset will be unable to resist the actions of a threat agent Tcap (from step 4): CS (from step 5): Vulnerability VH VH VH VH H M H VH VH H M L Tcap M VH H M L VL L H M L VL VL VL M L VL VL VL VL L M H VH Control Strength Vuln (from matrix above): FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC Step 7 – Loss Event Frequency (LEF) The probable frequency, within a given timeframe, that a threat agent will inflict harm upon an asset TEF (from step 3): Vuln (from step 6): Loss Event Frequency VH M H VH VH VH H L M H H H TEF M VL L M M M L VL VL L L L VL VL VL VL VL VL VL L M H VH Vulnerability LEF (from matrix above): FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC Stage 3 – Evaluate Probable Loss Magnitude Step 8 – Estimate worst-case loss Estimate worst-case magnitude using the following three steps: ‣ Determine the threat action that would most likely result in a worst-case outcome ‣ Estimate the magnitude for each loss form associated with that threat action ‣ “Sum” the loss form magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999
Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 9 – Estimate probable loss Estimate probable loss magnitude using the following three steps: ‣ Identify the most likely threat community action(s) ‣ Evaluate the probable loss magnitude for each loss form ‣ “Sum” the magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification
Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999 Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 4 – Derive and Articulate Risk Step 10 – Derive and Articulate Risk The probable frequency and probable magnitude of future loss Well-articulated risk analyses provide decision-makers with at least two key pieces of information: ‣ The estimated loss event frequency (LEF), and ‣ The estimated probable loss magnitude (PLM) This information can be conveyed through text, charts, or both.
In most circumstances, it’s advisable to also provide the estimated high-end loss potential so that the decision-maker is aware of what the worst-case scenario might look like. Depending upon the scenario, additional specific information may be warranted if, for example: ‣ Significant due diligence exposure exists ‣ Significant reputation, legal, or regulatory considerations exist Risk Severe H H C C C High M H H C C PLM Significant M M H H C Moderate L M M H H Low L L M M M Very Low L L M M M VL L M H VH LEF LEF (from step 7): PLM (from step 9): WCLM (from step 8): Key Risk Level
C Critical H High M Medium L Low FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Requirements In preparing and supporting your recommendation to either make the investment or not, include the following items as part of your analysis: · Analysis of financial information. · Identification of risks associated with the investment. Consider: . How risky the project appears. . How far off your estimates of revenues and expenses can be before your decision would change. . The difference if the company were to use a straight line versus a MACRS depreciation. · Recommendation for a course of action. · Explanation of criteria supporting your recommendation. Financial Information As part of your analysis you might find that additional information from marketing, accounting, or finance would be useful in making an informed and well-supported recommendation. In a real workplace setting you would have the ability to ask for that information. However, for the purposes of this assessment, you can make assumptions about the values of that data or ratios in support of your recommendation.
Accounting worked with the marketing group to create the ZXY Company Financial Statements spreadsheet for the new products business and the new facility. Notes about the financial information: · The expense line labeled SQF FDA Mandates refers to the costs of complying with Food and Drug Administration requirements. · Depreciation expense is calculated using 7-year life modified accelerated cost recovery system (MACRS). Deliverable Format Depending on the audience you choose to address, use one of the following options: · Presentation for top leadership. Prepare a presentation of at least 12 slides detailing your recommendation and the information you used to make your recommendation. You may use your choice of presentation software. Include notes with additional details. Keep in mind that your recommendation may be shared with others, so your materials should be designed for clarity and readability. Related company standards for either format: · The recommendation report is a professional document and should therefore follow the corresponding MBA Academic and Professional Document Guidelines, including single-spaced paragraphs. · In addition to the report or presentation, include: . Title (slide or page). . References (slide or page). . Appendix with supporting materials. . At least two APA-formatted references. Evaluation By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies through corresponding scoring guide criteria: · Competency 2: Apply principles of accounting to assess financial performance.
. Analyze financial statements for decision support. . Explain risks associated with an investment decision. · Competency 3: Analyze accounting information to support business decisions. . Recommend a course of action based on financial information. . Explain how financial criteria support a decision. · Competency 4: Communicate financial information with multiple stakeholders. . Communicate accounting information clearly. Faculty will use the scoring guide to review your deliverable as if they were your boss. Review the scoring guide prior to developing and submitting your assessment. ZXYZXY - Forecast Ten YearsPro-Forma Income StatementYear 1Year 2Year 3Year 4Year 5Year 6Year 7Year 8Year 9Year 10TotalBrand new Acme System - full systemIncomeRevenueProduct A2,400,0002,800,0002,800,0003,240,0003,900,0003,900,0003,9 00,0003,900,0003,900,0003,900,00034,640,000Product B900,0001,350,0002,500,0003,000,0004,000,0004,950,0005,500 ,00022,200,000Total · Revenue2,400,0002,800,0002,800,0004,140,0005,250,0006,400, 0006,900,0007,900,0008,850,0009,400,00056,840,000Cost of Goods SoldPest Control50,00066,55073,20573,20573,20573,20573,20573,20573 ,20573,205702,190SQF FDA mandates90,00090,00090,00090,00090,00030,00030,00030,0003 0,00030,000600,000Rent - Plant400,000408,000416,160424,483432,973441,632450,46545 9,474468,664478,0374,379,888Plant Equip. - Fklf - Scrb/Lease40,00064,00064,00064,00064,00064,00064,00064,00 064,00064,000616,000Plant Equip. - Ongoing maintenance50,00070,00075,00075,00075,00075,00075,00075,0 0075,00075,000720,000Plant Equip. - Parts40,00050,00050,00050,00050,00050,00050,00050,00050,0
0050,000490,000Miscellaneous - Equipment15,00015,00015,00015,00015,00015,00015,00015,00 015,00015,000150,000Building repairs25,00025,00025,00025,00025,00025,00025,00025,00025, 00025,000250,000Plant supplies100,000120,000144,000109,808120,789132,868146,154 160,770176,847194,5321,405,767Plant Utilities120,000210,000240,000240,000240,000240,000240,000 240,000240,000240,0002,250,000Garbage removal/Janitorial30,00045,62652,47052,47052,47052,47052,47 052,47052,47052,470495,388Plant telephone7,2007,2007,2007,2007,2007,2007,2007,2007,2007,20 072,000Plant payroll expense 495,000675,000825,000885,000915,000975,0001,005,0001,065, 0001,095,0001,125,0009,060,000Health Benefits 45,36097,200105,000100,000100,000100,000100,000100,00010 0,000100,000947,560WC & P/R Expense59,40081,00099,000106,200109,800117,000120,600127 ,800131,400135,0001,087,200Installation/Additional Equipment250,000- 0200,000- 0- 0- 0- 0- 0- 0- 0450,000Total COGS1,816,9602,024,5762,481,0352,317,3662,370,4372,398,37 52,454,0952,544,9192,603,7862,664,44423,675,993Gross Profit583,040775,424318,9651,822,6342,879,5634,001,6254,44 5,9055,355,0816,246,2146,735,55633,164,007Expenses Other than GOGSLiability Insurance60,00091,253104,940104,940104,940104,940104,9401 04,940104,940104,940990,776Bank Service Charges1,5001,5001,5001,5001,5001,5001,5001,5001,5001,500 15,000Interest on debt90,627187,626232,323206,766166,740122,95975,07131,993 7,5391111,121,754Incentive Plan13,20016,50016,50016,50016,50016,50016,50016,50016,50 0145,200Management180,000180,000180,000180,000180,00019 0,000190,000190,000190,000190,0001,850,000Workers Comp./P/R Taxes21,60021,60021,60021,60021,60022,80022,80022,80022,8
0022,800222,000Health Insurance Benefit4,2005,0825,5905,5905,5905,5905,5905,5905,5905,5905 4,004Office/Administrative Expenses12,00015,97217,56917,56917,56917,56917,56917,5691 7,56917,569168,526Legal and Professional - Tax30,00010,00010,00010,00010,00010,00010,00010,00010,00 010,000120,000Cellular phones5,0005,0005,0005,0005,0005,0005,0005,0005,0005,0005 0,000Internet Services4,4005,8566,4426,4426,4426,4426,4426,4426,4426,442 61,793Postage & Delivery1,1001,4641,6111,6111,6111,6111,6111,6111,6111,611 15,448Office supplies11,0009,98310,98110,98110,98110,98110,98110,98110, 98110,981108,829Employee Food & Beverage1,1001,4641,6111,6111,6111,6111,6111,6111,6111,61 115,448Local/Business Taxes1,1001,4641,6111,6111,6111,6111,6111,6111,6111,61115, 448Property Taxes12,00015,00015,00015,00015,00015,00015,00015,00015,0 0015,000147,000Travel - Equip. Consultants25,00016,50016,50016,50016,50016,50016,50016,5 0016,50016,500173,500Licenses and Permits10,00010,00010,00010,00010,00010,00010,00010,00010 ,00010,000100,000Total Expense470,627592,964658,777633,220593,194560,613512,725 469,647445,193437,7655,374,724Net Income before Depreciation112,413182,460(339,812)1,189,4132,286,3693,441, 0123,933,1814,885,4345,801,0216,297,79127,789,282Depreciat ion Expense (185,770504,140652,915573,415409,635325,725299,025240,97 0124,95533,4503,350,000Tax Expense- 0- 0- 0- 099,961934,5861,090,2471,393,3391,702,8201,879,3027,100,25 5Net Income(73,357)(321,680)(992,727)615,9981,776,7732,180,7012 ,543,9093,251,1253,973,2464,385,03917,339,027Forecast of
Cash Flows Net Income before Depreciation112,413182,460(339,812)1,189,4132,286,3693,441, 0123,933,1814,885,4345,801,0216,297,79127,789,282Deduct startup costs- 0- 0- 0- 0- 0- 0- 0- 0- 0- 0- 0Cash flow before income taxes112,413182,460(339,812)1,189,4132,286,3693,441,0123,9 33,1814,885,4345,801,0216,297,79127,789,282Working Capital - 0- 0- 0- 0- 0- 0- 0- 0- 0- 0- 0Lease Payments - Principal155,146303,919401,132426,689466,715510,496558,38 4370,759149,3717,3893,350,001Pre-Tax Cash Flow (42,733)(121,460)(740,944)762,7251,819,6542,930,5163,374,79 64,514,6745,651,6516,290,40224,439,282Taxes- 0- 0- 0- 099,961934,5861,090,2471,393,3391,702,8201,879,3027,100,25 5After tax - Cash Flow(42,733)(121,460)(740,944)762,7251,719,6931,995,9302,2 84,5493,121,3353,948,8314,411,10017,339,027 CSTX Forecast Forecast 11

Recommandé

Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
gertrudebellgrove
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docx
gertrudebellgrove
 
Risk Management Insight FAIR(FACTOR ANA
Risk Management Insight FAIR(FACTOR ANA Risk Management Insight FAIR(FACTOR ANA
Risk Management Insight FAIR(FACTOR ANA
troutmanboris
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
adkinspaige22
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
boadverna
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
tarifarmarie
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
poulterbarbara
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
Priyanka Aash
 

Recommandé

Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
gertrudebellgrove
 
Risk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docxRisk Management Insight FAIR(FACTOR ANA.docx
Risk Management Insight FAIR(FACTOR ANA.docx
gertrudebellgrove
 
Risk Management Insight FAIR(FACTOR ANA
Risk Management Insight FAIR(FACTOR ANA Risk Management Insight FAIR(FACTOR ANA
Risk Management Insight FAIR(FACTOR ANA
troutmanboris
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
adkinspaige22
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
boadverna
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
tarifarmarie
 
Risk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docxRisk Management Insight FAIR(FACTOR AN.docx
Risk Management Insight FAIR(FACTOR AN.docx
poulterbarbara
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
Priyanka Aash
 
OWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxOWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptx
Chandan Singh Ghodela
 
Session 04_Risk Assessment Program for YSP_Risk Analysis I
Session 04_Risk Assessment Program for YSP_Risk Analysis ISession 04_Risk Assessment Program for YSP_Risk Analysis I
Session 04_Risk Assessment Program for YSP_Risk Analysis I
Muizz Anibire
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
MLG College of Learning, Inc
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
EC-Council
 
R af d
R af dR af d
R af d
William L. McGill
 
Risk Analysis for Dummies
Risk Analysis for DummiesRisk Analysis for Dummies
Risk Analysis for Dummies
William L. McGill
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk Management
Resolver Inc.
 
Risk Calculator PowerPoint Presentation Slides
Risk Calculator PowerPoint Presentation SlidesRisk Calculator PowerPoint Presentation Slides
Risk Calculator PowerPoint Presentation Slides
SlideTeam
 
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation SlidesRisk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
SlideTeam
 
HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004
Theim912
 
Global Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoGlobal Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health Co
MatthewTennant613
 
Types of risk
Types of riskTypes of risk
Types of risk
Imran
 
Project Risk Management-Pankaj K Sinha
Project Risk Management-Pankaj K SinhaProject Risk Management-Pankaj K Sinha
Project Risk Management-Pankaj K Sinha
Pankaj K Sinha
 
L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)
Jan Wong
 
Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability
Resolver Inc.
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
AjjuSingh2
 
Mitigation Plan PowerPoint Presentation Slides
Mitigation Plan PowerPoint Presentation SlidesMitigation Plan PowerPoint Presentation Slides
Mitigation Plan PowerPoint Presentation Slides
SlideTeam
 
3. op risk and aml
3. op risk and aml3. op risk and aml
3. op risk and aml
crmbasel
 
Mitigation Plan Powerpoint Presentation Slides
Mitigation Plan Powerpoint Presentation SlidesMitigation Plan Powerpoint Presentation Slides
Mitigation Plan Powerpoint Presentation Slides
SlideTeam
 
Lecture2.pptx
Lecture2.pptxLecture2.pptx
Lecture2.pptx
MohammedNouh7
 
. According to your textbook, Contrary to a popular misconception.docx
. According to your textbook, Contrary to a popular misconception.docx. According to your textbook, Contrary to a popular misconception.docx
. According to your textbook, Contrary to a popular misconception.docx
madlynplamondon
 
-How did artwork produced in America from 1945 to 1960 compare to ar.docx
-How did artwork produced in America from 1945 to 1960 compare to ar.docx-How did artwork produced in America from 1945 to 1960 compare to ar.docx
-How did artwork produced in America from 1945 to 1960 compare to ar.docx
madlynplamondon
 

Contenu connexe

Similaire à Risk Management Insight FAIR(FACTOR ANA.docx

Risk Calculator PowerPoint Presentation Slides
Risk Calculator PowerPoint Presentation SlidesRisk Calculator PowerPoint Presentation Slides
Risk Calculator PowerPoint Presentation Slides
SlideTeam
 
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation SlidesRisk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
SlideTeam
 
Global Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoGlobal Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health Co
MatthewTennant613
 
Project Risk Management-Pankaj K Sinha
Project Risk Management-Pankaj K SinhaProject Risk Management-Pankaj K Sinha
Project Risk Management-Pankaj K Sinha
Pankaj K Sinha
 
Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability
Resolver Inc.
 
Mitigation Plan PowerPoint Presentation Slides
Mitigation Plan PowerPoint Presentation SlidesMitigation Plan PowerPoint Presentation Slides
Mitigation Plan PowerPoint Presentation Slides
SlideTeam
 
3. op risk and aml
3. op risk and aml3. op risk and aml
3. op risk and aml
crmbasel
 
Mitigation Plan Powerpoint Presentation Slides
Mitigation Plan Powerpoint Presentation SlidesMitigation Plan Powerpoint Presentation Slides
Mitigation Plan Powerpoint Presentation Slides
SlideTeam
 

Similaire à Risk Management Insight FAIR(FACTOR ANA.docx (20)

OWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptxOWASP Risk Rating Methodology.pptx
OWASP Risk Rating Methodology.pptx
 
Session 04_Risk Assessment Program for YSP_Risk Analysis I
Session 04_Risk Assessment Program for YSP_Risk Analysis ISession 04_Risk Assessment Program for YSP_Risk Analysis I
Session 04_Risk Assessment Program for YSP_Risk Analysis I
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
R af d
R af dR af d
R af d
 
Risk Analysis for Dummies
Risk Analysis for DummiesRisk Analysis for Dummies
Risk Analysis for Dummies
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk Management
 
Risk Calculator PowerPoint Presentation Slides
Risk Calculator PowerPoint Presentation SlidesRisk Calculator PowerPoint Presentation Slides
Risk Calculator PowerPoint Presentation Slides
 
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation SlidesRisk Assessment And Mitigation Plan PowerPoint Presentation Slides
Risk Assessment And Mitigation Plan PowerPoint Presentation Slides
 
HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004HFMA Searching for Risk, April 2004
HFMA Searching for Risk, April 2004
 
Global Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health CoGlobal Health Comparison Grid TemplateGlobal Health Co
Global Health Comparison Grid TemplateGlobal Health Co
 
Types of risk
Types of riskTypes of risk
Types of risk
 
Project Risk Management-Pankaj K Sinha
Project Risk Management-Pankaj K SinhaProject Risk Management-Pankaj K Sinha
Project Risk Management-Pankaj K Sinha
 
L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)L008 Disaster Recovery Plan (2016)
L008 Disaster Recovery Plan (2016)
 
Relating Risk to Vulnerability
Relating Risk to Vulnerability Relating Risk to Vulnerability
Relating Risk to Vulnerability
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Mitigation Plan PowerPoint Presentation Slides
Mitigation Plan PowerPoint Presentation SlidesMitigation Plan PowerPoint Presentation Slides
Mitigation Plan PowerPoint Presentation Slides
 
3. op risk and aml
3. op risk and aml3. op risk and aml
3. op risk and aml
 
Mitigation Plan Powerpoint Presentation Slides
Mitigation Plan Powerpoint Presentation SlidesMitigation Plan Powerpoint Presentation Slides
Mitigation Plan Powerpoint Presentation Slides
 
Lecture2.pptx
Lecture2.pptxLecture2.pptx
Lecture2.pptx
 

Plus de madlynplamondon

. According to your textbook, Contrary to a popular misconception.docx
. According to your textbook, Contrary to a popular misconception.docx. According to your textbook, Contrary to a popular misconception.docx
. According to your textbook, Contrary to a popular misconception.docx
madlynplamondon
 
. The Questioned Documents Unit (QDU) provides forensic support .docx
. The Questioned Documents Unit (QDU) provides forensic support .docx. The Questioned Documents Unit (QDU) provides forensic support .docx
. The Questioned Documents Unit (QDU) provides forensic support .docx
madlynplamondon
 
. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx
. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx
. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx
madlynplamondon
 
. What were the causes of World War II Explain how and why the Unit.docx
. What were the causes of World War II Explain how and why the Unit.docx. What were the causes of World War II Explain how and why the Unit.docx
. What were the causes of World War II Explain how and why the Unit.docx
madlynplamondon
 
. Complete the prewriting for the progress reportPrewriting p.docx
. Complete the prewriting for the progress reportPrewriting p.docx. Complete the prewriting for the progress reportPrewriting p.docx
. Complete the prewriting for the progress reportPrewriting p.docx
madlynplamondon
 
-This project is an opportunity to demonstrate the ability to analyz.docx
-This project is an opportunity to demonstrate the ability to analyz.docx-This project is an opportunity to demonstrate the ability to analyz.docx
-This project is an opportunity to demonstrate the ability to analyz.docx
madlynplamondon
 
-7 Three men are trapped in a cave with no hope of rescue and no foo.docx
-7 Three men are trapped in a cave with no hope of rescue and no foo.docx-7 Three men are trapped in a cave with no hope of rescue and no foo.docx
-7 Three men are trapped in a cave with no hope of rescue and no foo.docx
madlynplamondon
 
------ Watch an online speechpresentation of 20 minutes or lo.docx
------ Watch an online speechpresentation of 20 minutes or lo.docx------ Watch an online speechpresentation of 20 minutes or lo.docx
------ Watch an online speechpresentation of 20 minutes or lo.docx
madlynplamondon
 
) Florida National UniversityNursing DepartmentBSN.docx
) Florida National UniversityNursing DepartmentBSN.docx) Florida National UniversityNursing DepartmentBSN.docx
) Florida National UniversityNursing DepartmentBSN.docx
madlynplamondon
 

Plus de madlynplamondon (20)

. According to your textbook, Contrary to a popular misconception.docx
. According to your textbook, Contrary to a popular misconception.docx. According to your textbook, Contrary to a popular misconception.docx
. According to your textbook, Contrary to a popular misconception.docx
 
-How did artwork produced in America from 1945 to 1960 compare to ar.docx
-How did artwork produced in America from 1945 to 1960 compare to ar.docx-How did artwork produced in America from 1945 to 1960 compare to ar.docx
-How did artwork produced in America from 1945 to 1960 compare to ar.docx
 
-Just thoughts and opinion on the reading-Consent and compen.docx
-Just thoughts and opinion on the reading-Consent and compen.docx-Just thoughts and opinion on the reading-Consent and compen.docx
-Just thoughts and opinion on the reading-Consent and compen.docx
 
. The Questioned Documents Unit (QDU) provides forensic support .docx
. The Questioned Documents Unit (QDU) provides forensic support .docx. The Questioned Documents Unit (QDU) provides forensic support .docx
. The Questioned Documents Unit (QDU) provides forensic support .docx
 
.  What is it about the fundamental nature and structure of the Olym.docx
.  What is it about the fundamental nature and structure of the Olym.docx.  What is it about the fundamental nature and structure of the Olym.docx
.  What is it about the fundamental nature and structure of the Olym.docx
 
-Learning objectives for presentation-Brief background o.docx
-Learning objectives for presentation-Brief background o.docx-Learning objectives for presentation-Brief background o.docx
-Learning objectives for presentation-Brief background o.docx
 
-You will need to play a phone game Angry Birds (any version) to mak.docx
-You will need to play a phone game Angry Birds (any version) to mak.docx-You will need to play a phone game Angry Birds (any version) to mak.docx
-You will need to play a phone game Angry Birds (any version) to mak.docx
 
. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx
. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx
. EDU 571 Week 5 Discussion 1 -Data Collection Please respond .docx
 
. What were the causes of World War II Explain how and why the Unit.docx
. What were the causes of World War II Explain how and why the Unit.docx. What were the causes of World War II Explain how and why the Unit.docx
. What were the causes of World War II Explain how and why the Unit.docx
 
. Complete the prewriting for the progress reportPrewriting p.docx
. Complete the prewriting for the progress reportPrewriting p.docx. Complete the prewriting for the progress reportPrewriting p.docx
. Complete the prewriting for the progress reportPrewriting p.docx
 
-in Filomena by Roberta Fernandez the author refers to the Mexican r.docx
-in Filomena by Roberta Fernandez the author refers to the Mexican r.docx-in Filomena by Roberta Fernandez the author refers to the Mexican r.docx
-in Filomena by Roberta Fernandez the author refers to the Mexican r.docx
 
-Write about a violent religious event in history.(Ex. Muslim ex.docx
-Write about a violent religious event in history.(Ex. Muslim ex.docx-Write about a violent religious event in history.(Ex. Muslim ex.docx
-Write about a violent religious event in history.(Ex. Muslim ex.docx
 
-This project is an opportunity to demonstrate the ability to analyz.docx
-This project is an opportunity to demonstrate the ability to analyz.docx-This project is an opportunity to demonstrate the ability to analyz.docx
-This project is an opportunity to demonstrate the ability to analyz.docx
 
-7 Three men are trapped in a cave with no hope of rescue and no foo.docx
-7 Three men are trapped in a cave with no hope of rescue and no foo.docx-7 Three men are trapped in a cave with no hope of rescue and no foo.docx
-7 Three men are trapped in a cave with no hope of rescue and no foo.docx
 
-1. Are the three main elements of compensation systems—internal.docx
-1. Are the three main elements of compensation systems—internal.docx-1. Are the three main elements of compensation systems—internal.docx
-1. Are the three main elements of compensation systems—internal.docx
 
- What are the key differences between national health service (.docx
- What are the key differences between national health service (.docx- What are the key differences between national health service (.docx
- What are the key differences between national health service (.docx
 
--Describe and analyze the ways in which Alfons Heck’s participation.docx
--Describe and analyze the ways in which Alfons Heck’s participation.docx--Describe and analyze the ways in which Alfons Heck’s participation.docx
--Describe and analyze the ways in which Alfons Heck’s participation.docx
 
------ Watch an online speechpresentation of 20 minutes or lo.docx
------ Watch an online speechpresentation of 20 minutes or lo.docx------ Watch an online speechpresentation of 20 minutes or lo.docx
------ Watch an online speechpresentation of 20 minutes or lo.docx
 
) Florida National UniversityNursing DepartmentBSN.docx
) Florida National UniversityNursing DepartmentBSN.docx) Florida National UniversityNursing DepartmentBSN.docx
) Florida National UniversityNursing DepartmentBSN.docx
 
- Please answer question 2 at the end of the case.- cita.docx
- Please answer question 2 at the end of the case.- cita.docx- Please answer question 2 at the end of the case.- cita.docx
- Please answer question 2 at the end of the case.- cita.docx
 

Dernier

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Dernier (20)

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 

Risk Management Insight FAIR(FACTOR ANA.docx

  • 1. Risk Management Insight FAIR (FACTOR ANALYSIS OF INFORMATION RISK) Basic Risk Assessment Guide FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC NOTE: Before using this assessment guide… Using this guide effectively requires a solid understanding of FAIR concepts ‣ As with any high-level analysis method, results can depend upon variables that may not be accounted for at this level of abstraction ‣ The loss magnitude scale described in this section is adjusted for a specific organizational size and risk capacity. Labels used in the scale (e.g., “Severe”, “Low”, etc.) may need to be adjusted when analyzing organizations of different sizes ‣ This process is a simplified, introductory version that may not be appropriate for some analyses
  • 2. Basic FAIR analysis is comprised of ten steps in four stages: Stage 1 – Identify scenario components 1. Identify the asset at risk 2. Identify the threat community under consideration Stage 2 – Evaluate Loss Event Frequency (LEF) 3. Estimate the probable Threat Event Frequency (TEF) 4. Estimate the Threat Capability (TCap) 5. Estimate Control strength (CS) 6. Derive Vulnerability (Vuln) 7. Derive Loss Event Frequency (LEF) Stage 3 – Evaluate Probable Loss Magnitude (PLM) 8. Estimate worst-case loss 9. Estimate probable loss Stage 4 – Derive and articulate Risk 10. Derive and articulate Risk Risk Loss Event Frequency Probable Loss
  • 3. Magnitude Threat Event Frequency Vulnerability Contact Action Control Strength Threat Capability Primary Loss Factors Secondary Loss Factors Asset Loss Factors Threat Loss Factors Organizational Loss Factors External Loss Factors FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC
  • 4. Stage 1 – Identify Scenario Components Step 1 – Identify the Asset(s) at risk In order to estimate the control and value characteristics within a risk analysis, the analyst must first identify the asset (object) under evaluation. If a multilevel analysis is being performed, the analyst will need to identify and evaluate the primary asset (object) at risk and all meta-objects that exist between the primary asset and the threat community. This guide is intended for use in simple, single level risk analysis, and does not describe the additional steps required for a multilevel analysis. Asset(s) at risk: _____________________________________________________ _ Step 2 – Identify the Threat Community In order to estimate Threat Event Frequency (TEF) and Threat Capability (TCap), a specific threat community must first be identified. At minimum, when evaluating the risk associated with malicious acts, the analyst has to decide whether the threat community is human or malware, and internal or external. In most circumstances, it’s appropriate to define the
  • 5. threat community more specifically – e.g., network engineers, cleaning crew, etc., and characterize the expected nature of the community. This document does not include guidance in how to perform broad-spectrum (i.e., multi-threat community) analyses. Threat community: _____________________________________________________ _ Characterization FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 2 – Evaluate Loss Event Frequency Step 3 – Threat Event Frequency (TEF) The probable frequency, within a given timeframe, that a threat agent will act against an asset Contributing factors: Contact Frequency, Probability of Action Very High (VH) > 100 times per year High (H) Between 10 and 100 times per year Moderate (M) Between 1 and 10 times per year
  • 6. Low (L) Between .1 and 1 times per year Very Low (VL) < .1 times per year (less than once every ten years) Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 4 – Threat Capability (Tcap) The probable level of force that a threat agent is capable of applying against an asset Contributing factors: Skill, Resources Very High (VH) Top 2% when compared against the overall threat population High (H) Top 16% when compared against the overall threat population Moderate (M) Average skill and resources (between bottom 16% and top 16%) Low (L) Bottom 16% when compared against the overall threat population Very Low (VL) Bottom 2% when compared against the overall
  • 7. threat population Rationale FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 5 – Control strength (CS) The expected effectiveness of controls, over a given timeframe, as measured against a baseline level of force Contributing factors: Strength, Assurance Very High (VH) Protects against all but the top 2% of an avg. threat population High (H) Protects against all but the top 16% of an avg. threat population Moderate (M) Protects against the average threat agent Low (L) Only protects against bottom 16% of an avg. threat population Very Low (VL) Only protects against bottom 2% of an avg. threat population Rationale
  • 8. FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 6 – Vulnerability (Vuln) The probability that an asset will be unable to resist the actions of a threat agent Tcap (from step 4): CS (from step 5): Vulnerability VH VH VH VH H M H VH VH H M L Tcap M VH H M L VL L H M L VL VL VL M L VL VL VL VL L M H VH Control Strength Vuln (from matrix above): FAIR™ Basic Risk Assessment Guide
  • 9. All Content Copyright Risk Management Insight, LLC Step 7 – Loss Event Frequency (LEF) The probable frequency, within a given timeframe, that a threat agent will inflict harm upon an asset TEF (from step 3): Vuln (from step 6): Loss Event Frequency VH M H VH VH VH H L M H H H TEF M VL L M M M L VL VL L L L VL VL VL VL VL VL VL L M H VH Vulnerability LEF (from matrix above): FAIR™ Basic Risk Assessment Guide
  • 10. All Content Copyright Risk Management Insight, LLC Stage 3 – Evaluate Probable Loss Magnitude Step 8 – Estimate worst-case loss Estimate worst-case magnitude using the following three steps: ‣ Determine the threat action that would most likely result in a worst-case outcome ‣ Estimate the magnitude for each loss form associated with that threat action ‣ “Sum” the loss form magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999
  • 11. Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Step 9 – Estimate probable loss Estimate probable loss magnitude using the following three steps: ‣ Identify the most likely threat community action(s) ‣ Evaluate the probable loss magnitude for each loss form ‣ “Sum” the magnitudes Loss Forms Threat Actions Productivity Response Replacement Fine/Judgments Comp. Adv. Reputation Access Misuse Disclosure Modification
  • 12. Deny Access Magnitude Range Low End Range High End Severe (SV) $10,000,000 -- High (H) $1,000,000 $9,999,999 Significant (Sg) $100,000 $999,999 Moderate (M) $10,000 $99,999 Low (L) $1,000 $9,999 Very Low (VL) $0 $999 FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Stage 4 – Derive and Articulate Risk Step 10 – Derive and Articulate Risk The probable frequency and probable magnitude of future loss Well-articulated risk analyses provide decision-makers with at least two key pieces of information: ‣ The estimated loss event frequency (LEF), and ‣ The estimated probable loss magnitude (PLM) This information can be conveyed through text, charts, or both.
  • 13. In most circumstances, it’s advisable to also provide the estimated high-end loss potential so that the decision-maker is aware of what the worst-case scenario might look like. Depending upon the scenario, additional specific information may be warranted if, for example: ‣ Significant due diligence exposure exists ‣ Significant reputation, legal, or regulatory considerations exist Risk Severe H H C C C High M H H C C PLM Significant M M H H C Moderate L M M H H Low L L M M M Very Low L L M M M VL L M H VH LEF LEF (from step 7): PLM (from step 9): WCLM (from step 8): Key Risk Level
  • 14. C Critical H High M Medium L Low FAIR™ Basic Risk Assessment Guide All Content Copyright Risk Management Insight, LLC Requirements In preparing and supporting your recommendation to either make the investment or not, include the following items as part of your analysis: · Analysis of financial information. · Identification of risks associated with the investment. Consider: . How risky the project appears. . How far off your estimates of revenues and expenses can be before your decision would change. . The difference if the company were to use a straight line versus a MACRS depreciation. · Recommendation for a course of action. · Explanation of criteria supporting your recommendation. Financial Information As part of your analysis you might find that additional information from marketing, accounting, or finance would be useful in making an informed and well-supported recommendation. In a real workplace setting you would have the ability to ask for that information. However, for the purposes of this assessment, you can make assumptions about the values of that data or ratios in support of your recommendation.
  • 15. Accounting worked with the marketing group to create the ZXY Company Financial Statements spreadsheet for the new products business and the new facility. Notes about the financial information: · The expense line labeled SQF FDA Mandates refers to the costs of complying with Food and Drug Administration requirements. · Depreciation expense is calculated using 7-year life modified accelerated cost recovery system (MACRS). Deliverable Format Depending on the audience you choose to address, use one of the following options: · Presentation for top leadership. Prepare a presentation of at least 12 slides detailing your recommendation and the information you used to make your recommendation. You may use your choice of presentation software. Include notes with additional details. Keep in mind that your recommendation may be shared with others, so your materials should be designed for clarity and readability. Related company standards for either format: · The recommendation report is a professional document and should therefore follow the corresponding MBA Academic and Professional Document Guidelines, including single-spaced paragraphs. · In addition to the report or presentation, include: . Title (slide or page). . References (slide or page). . Appendix with supporting materials. . At least two APA-formatted references. Evaluation By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies through corresponding scoring guide criteria: · Competency 2: Apply principles of accounting to assess financial performance.
  • 16. . Analyze financial statements for decision support. . Explain risks associated with an investment decision. · Competency 3: Analyze accounting information to support business decisions. . Recommend a course of action based on financial information. . Explain how financial criteria support a decision. · Competency 4: Communicate financial information with multiple stakeholders. . Communicate accounting information clearly. Faculty will use the scoring guide to review your deliverable as if they were your boss. Review the scoring guide prior to developing and submitting your assessment. ZXYZXY - Forecast Ten YearsPro-Forma Income StatementYear 1Year 2Year 3Year 4Year 5Year 6Year 7Year 8Year 9Year 10TotalBrand new Acme System - full systemIncomeRevenueProduct A2,400,0002,800,0002,800,0003,240,0003,900,0003,900,0003,9 00,0003,900,0003,900,0003,900,00034,640,000Product B900,0001,350,0002,500,0003,000,0004,000,0004,950,0005,500 ,00022,200,000Total · Revenue2,400,0002,800,0002,800,0004,140,0005,250,0006,400, 0006,900,0007,900,0008,850,0009,400,00056,840,000Cost of Goods SoldPest Control50,00066,55073,20573,20573,20573,20573,20573,20573 ,20573,205702,190SQF FDA mandates90,00090,00090,00090,00090,00030,00030,00030,0003 0,00030,000600,000Rent - Plant400,000408,000416,160424,483432,973441,632450,46545 9,474468,664478,0374,379,888Plant Equip. - Fklf - Scrb/Lease40,00064,00064,00064,00064,00064,00064,00064,00 064,00064,000616,000Plant Equip. - Ongoing maintenance50,00070,00075,00075,00075,00075,00075,00075,0 0075,00075,000720,000Plant Equip. - Parts40,00050,00050,00050,00050,00050,00050,00050,00050,0
  • 17. 0050,000490,000Miscellaneous - Equipment15,00015,00015,00015,00015,00015,00015,00015,00 015,00015,000150,000Building repairs25,00025,00025,00025,00025,00025,00025,00025,00025, 00025,000250,000Plant supplies100,000120,000144,000109,808120,789132,868146,154 160,770176,847194,5321,405,767Plant Utilities120,000210,000240,000240,000240,000240,000240,000 240,000240,000240,0002,250,000Garbage removal/Janitorial30,00045,62652,47052,47052,47052,47052,47 052,47052,47052,470495,388Plant telephone7,2007,2007,2007,2007,2007,2007,2007,2007,2007,20 072,000Plant payroll expense 495,000675,000825,000885,000915,000975,0001,005,0001,065, 0001,095,0001,125,0009,060,000Health Benefits 45,36097,200105,000100,000100,000100,000100,000100,00010 0,000100,000947,560WC & P/R Expense59,40081,00099,000106,200109,800117,000120,600127 ,800131,400135,0001,087,200Installation/Additional Equipment250,000- 0200,000- 0- 0- 0- 0- 0- 0- 0450,000Total COGS1,816,9602,024,5762,481,0352,317,3662,370,4372,398,37 52,454,0952,544,9192,603,7862,664,44423,675,993Gross Profit583,040775,424318,9651,822,6342,879,5634,001,6254,44 5,9055,355,0816,246,2146,735,55633,164,007Expenses Other than GOGSLiability Insurance60,00091,253104,940104,940104,940104,940104,9401 04,940104,940104,940990,776Bank Service Charges1,5001,5001,5001,5001,5001,5001,5001,5001,5001,500 15,000Interest on debt90,627187,626232,323206,766166,740122,95975,07131,993 7,5391111,121,754Incentive Plan13,20016,50016,50016,50016,50016,50016,50016,50016,50 0145,200Management180,000180,000180,000180,000180,00019 0,000190,000190,000190,000190,0001,850,000Workers Comp./P/R Taxes21,60021,60021,60021,60021,60022,80022,80022,80022,8
  • 18. 0022,800222,000Health Insurance Benefit4,2005,0825,5905,5905,5905,5905,5905,5905,5905,5905 4,004Office/Administrative Expenses12,00015,97217,56917,56917,56917,56917,56917,5691 7,56917,569168,526Legal and Professional - Tax30,00010,00010,00010,00010,00010,00010,00010,00010,00 010,000120,000Cellular phones5,0005,0005,0005,0005,0005,0005,0005,0005,0005,0005 0,000Internet Services4,4005,8566,4426,4426,4426,4426,4426,4426,4426,442 61,793Postage & Delivery1,1001,4641,6111,6111,6111,6111,6111,6111,6111,611 15,448Office supplies11,0009,98310,98110,98110,98110,98110,98110,98110, 98110,981108,829Employee Food & Beverage1,1001,4641,6111,6111,6111,6111,6111,6111,6111,61 115,448Local/Business Taxes1,1001,4641,6111,6111,6111,6111,6111,6111,6111,61115, 448Property Taxes12,00015,00015,00015,00015,00015,00015,00015,00015,0 0015,000147,000Travel - Equip. Consultants25,00016,50016,50016,50016,50016,50016,50016,5 0016,50016,500173,500Licenses and Permits10,00010,00010,00010,00010,00010,00010,00010,00010 ,00010,000100,000Total Expense470,627592,964658,777633,220593,194560,613512,725 469,647445,193437,7655,374,724Net Income before Depreciation112,413182,460(339,812)1,189,4132,286,3693,441, 0123,933,1814,885,4345,801,0216,297,79127,789,282Depreciat ion Expense (185,770504,140652,915573,415409,635325,725299,025240,97 0124,95533,4503,350,000Tax Expense- 0- 0- 0- 099,961934,5861,090,2471,393,3391,702,8201,879,3027,100,25 5Net Income(73,357)(321,680)(992,727)615,9981,776,7732,180,7012 ,543,9093,251,1253,973,2464,385,03917,339,027Forecast of
  • 19. Cash Flows Net Income before Depreciation112,413182,460(339,812)1,189,4132,286,3693,441, 0123,933,1814,885,4345,801,0216,297,79127,789,282Deduct startup costs- 0- 0- 0- 0- 0- 0- 0- 0- 0- 0- 0Cash flow before income taxes112,413182,460(339,812)1,189,4132,286,3693,441,0123,9 33,1814,885,4345,801,0216,297,79127,789,282Working Capital - 0- 0- 0- 0- 0- 0- 0- 0- 0- 0- 0Lease Payments - Principal155,146303,919401,132426,689466,715510,496558,38 4370,759149,3717,3893,350,001Pre-Tax Cash Flow (42,733)(121,460)(740,944)762,7251,819,6542,930,5163,374,79 64,514,6745,651,6516,290,40224,439,282Taxes- 0- 0- 0- 099,961934,5861,090,2471,393,3391,702,8201,879,3027,100,25 5After tax - Cash Flow(42,733)(121,460)(740,944)762,7251,719,6931,995,9302,2 84,5493,121,3353,948,8314,411,10017,339,027 CSTX Forecast Forecast 11