Define Risk, threats and vulnerability as applied to information security   

1. Define Risk, threats and vulnerability as applied to information security
2. The IT asset value of ABC limited is 200 thousand kwacha. This asset has an exposure factor of 20% with an annualized rate of occurrence of 1/10. Calculate:
   1. The single loss expectancy
   2.  The expected value of a loss in a year:
3. The Probability of attack on an IT infrastructure is 0.78 and Probability that the attack successfully exploits the vulnerability is 0.23. If the value lost by successful exploitation of vulnerability is 10Million kwacha. Calculate the risk.                      [5]
4. Suppose the fraction of risk mitigated by current control on the asset in b) is 2/5 and the fraction of risk not fully known is 3/5. Calculate the risk using the whitmans risk model.                                                                                                                         [4]

Question Two

1. In the context of IT compare and contrast:
   1. Policy and standards
   2. procedures and guidelines
2. Outline the three basic requirements of  information security
3. If the Annualized Loss Expectancy of the risk before and after the implementation of the control is 10 and 20 respectively. Compute the cost benefit analysis assuming an Annual Cost of the Safeguard of 5.                                                                             [4]
4. ABC limited (a fictitious company) is a data centre providing storage and internet services to several clients. The company has 99.6% uptime and 0.4% downtime in a day.
   1. Define uptime and downtime as applied to information security

Calculate the system availability of this company