Hi all I am a Graduate Student at UMD and am working on a paper on
security risk perception. I was wondering if you good souls would
find it in your heart to help a poor (overworked underpaid) graduate
student. I will be grateful if you can take a few minutes out to fill
this 5 question survey. I will not be able to disclose information
about this paper as it may bias your reply. But I will be happy to
share the paper with you if you are interested once it is written. The
paper is about security risk assessment off course.
The survey is very simple below are basic definitions of risk
assessment which are followed by 5 questions. I assure you that this
is not SPAM and the reason I am using e-mail instead of a webpage is
that often people don't click the link to fill in a small survey. The
question regarding your job function is there because I can classify
the response accordingly.
Thank you for your help. May god bless you for helping the poor and
needy.
Regards,
S. Hull
DEINITIONS
--------Annualized Loss Expectancy (ALE)-----
Annualized Loss Expectancy (ALE) is the expected monetary loss that
can be expected for an asset due to a risk over a one year period. It
is defined as:
ALE baseline = SLE * ARO
where SLE is the Single Loss Expectancy and ARO is the Annualized Rate
of Occurrence.
---------Single Loss Expectancy-------
The Single Loss Expectancy (SLE) is the expected monetary loss every
time a risk occurs. The Single Loss Expectancy, Asset Value (AV), and
exposure factor (EF) are related by the formula:
SLE = AV * EF
Where asset value (AV) is a monetary value assigned to an asset and
exposure factor ( EF) is the proportion of an asset's value that is
likely to be destroyed by a particular risk, expressed as a percentage
Annualized Rate of Occurrence is the probability that a risk will
occur in a particular year
-------Benefits of safeguard---------
The savings or reduction in loss is given by
S = ALE baseline - ALE with new safeguard
The benefit from investment is equivalent to the reduction in loss and
is given by
B= Loss Reduction
Alternative Explanation
An alternative explanation of ALE is as given below.
ALE= (Expected Rate of Loss) x (value of the loss)
The savings or reduction in loss is given by
S = ALE baseline - ALE with new safeguard
The benefit from investment is equivalent to the reduction in loss and
is given by
B= Loss Reduction
QUESTIONS
1. ALE with new safeguard < ALE baseline
______ True
______ False
______ Neither true nor false
______ Can't say
Answer:
2. Introduction of a safeguard
a. Increases risk
b. Decreases risk
c. Does not change the risk
d. All of the above (a, b and c)
e. Introduces new risk
Answer:
3. Introduction of a new safeguard
a. Does not impact the effectiveness of other safeguards
b. Decreases the effectiveness of other safeguards
c. Increases the effectiveness of other safeguards
d. May impact the effectiveness of other safeguards
Answer:
4. My role in security decision is
a. Security Analyst
b. Security Administrators
c. Decision Maker
d. System Administrator
e. ___________________
Answer:
5. When it comes to security risk assessment
a. I am an expert
b. I am new to this concept
c. I am familiar with the concept
d. I use it all the time
e. ___________________
Answer:
Security Questions- A graduate student needs help 
Linear Mode
