A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of 5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased, which of the following is the expected net savings?
A.
9000
B.
2,290
C.
2,700
D.
5,000
How are they coming up this number? If each employee gets paid $90 per hour and it takes three hours to get get machines up and running that would be $270 per employee. Take that times 30 employees and you get $8100. If you subtract $5000 from that you get $3100.
annual rate of occurance(ARO) X single loss expectancy(SLE) = annual loss expentancy(ALE)…. therefore…. $270 X 30 = $8100(SLE)… 0.9(ARO)x8100(SLE) = 7290… 7290-5000 = 2290
but it says “if” the anti-malware soft is not adequate, so why would you mutliple the .9 if you’re getting the software. If I’m correct buying the software the company shouldn’t have no failures.
The question is to determine how much money you would say by actually getting the antivirus software. To determine this you have to calculate how much it would cost you if you had an incident minus the cost to purchase the protection and that would be your savings (what it would have cost without protection minus cost to be protected).
Darryl, if you don’t buy the software then you save the $5000 but you have a 90% chance each year to lose $8100 (3 hours x 30 employees x $90 = $8100).
If you have a 90% chance every year to lose $8100, then your AVERAGE annual loss would be $7290 (8100 x 0.9). Having the software will prevent the workstations from being compromised but you will pay $5000 annually.
So, this question is asking you what your potential net savings would be annually…comparing -$5000 or -$7290, of which you get your answer in that you would save $2290.
I really don’t understand why ARO can sometimes be a regular number and sometimes a percentage. I expected the 90% to be the EF (EF is always percentage I thought?). I also don’t see how paying staff for the 3 hours they’re there should effect the ALE, since I assume:
1. They would be there, and paid, regardless
2. There’s nothing suggesting the staff are even salaried: if they’re hourly, and I’m a manager that can send them home until the system is fixed, then is is completely a non-factor. Ok, maybe 1 or 2 would be there fixing the system, and so they’d be paid, but I think you understand what I’m getting at.
Terrible question.