I have trouble remembering all of these, so I’m stashing them here.



1. Risk Management Equations

Annualized Loss Expectancy (ALE)

  • Equation: ALE = SLE * ARO
  • Components:
    • SLE (Single Loss Expectancy): Cost of a single incident.
    • ARO (Annual Rate of Occurrence): Expected frequency of the incident per year.
  • Example: A system with an SLE of $20,000 and an ARO of 3 has an ALE of $20,000 * 3 = $60,000.

Single Loss Expectancy (SLE)

  • Equation: SLE = Asset Value * Exposure Factor
  • Components:
    • Asset Value: Financial worth of the asset.
    • Exposure Factor (EF): Percentage of asset value lost in an event.
  • Example: A server valued at $50,000 with an EF of 30% has an SLE of 50,000 * 0.3 = $15,000.

Return on Security Investment (ROSI)

  • Equation: ROSI = (ALE1 - ALE2 - ACS) / ACS
  • Components:
    • ALE1: ALE before implementing control.
    • ALE2: ALE after implementing control.
    • ACS (Annual Cost of Safeguard): Cost of the security measure.
  • Example: A security control reducing ALE from $70,000 to $20,000 at an annual cost of $10,000 has a ROSI of (70,000 - 20,000 - 10,000) / 10,000 = 4, a 400% return on investment.

Cost/Benefit Analysis

  • Equation: (ALE1 - ALE2) - ACS
  • Purpose: This formula helps determine the cost-effectiveness of implementing a security control.
  • Example: Reducing ALE from $60,000 to $30,000 with an annual cost of $20,000 results in a benefit of (60,000 - 30,000) - 20,000 = $10,000.

2. System Reliability and Maintenance Metrics

Mean Time Between Failures (MTBF)

  • Equation: MTBF = Total Operational Time / Number of Failures
  • Purpose: Predicts the average operational time between system failures.
  • Example: A server with 12,000 hours of operation and 4 failures has an MTBF of 12,000 / 4 = 3,000 hours.

Mean Time to Repair (MTTR)

  • Equation: MTTR = Total Downtime / Number of Failures
  • Purpose: Estimates the average repair time required for a system.
  • Example: If total downtime is 8 hours for 4 failures, MTTR = 8 / 4 = 2 hours.

Availability

  • Equation: Availability = MTBF / (MTBF + MTTR)
  • Purpose: Determines system uptime reliability.
  • Example: With MTBF = 3,000 hours and MTTR = 2 hours, Availability = 3,000 / (3,000 + 2) = 0.9993 or 99.93%.
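The three reliability formulas above are normally applied to an incident log rather than to totals handed to you, so the example below derives MTBF, MTTR and availability from a constructed list of outages in a fixed observation window and checks the result against an availability target. This is an added example, not code from the original post; the `Outage` class, the 2024 window and the three outage timestamps are assumptions for illustration. Note that MTBF / (MTBF + MTTR) reduces algebraically to uptime / (uptime + downtime), which is why the two routes to availability agree.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Outage:
    """One failure-and-repair episode taken from an (assumed) incident log."""
    start: datetime
    end: datetime

    @property
    def downtime_hours(self) -> float:
        return (self.end - self.start).total_seconds() / 3600


def mtbf_hours(window_hours: float, outages: list[Outage]) -> float:
    """MTBF = total operational time / number of failures.

    Operational time excludes the time spent down, so it is the window minus
    the summed outage durations. With no failures MTBF is undefined; report
    infinity rather than dividing by zero.
    """
    if not outages:
        return float("inf")
    uptime = window_hours - sum(o.downtime_hours for o in outages)
    return uptime / len(outages)


def mttr_hours(outages: list[Outage]) -> float:
    """MTTR = total downtime / number of failures."""
    if not outages:
        return 0.0
    return sum(o.downtime_hours for o in outages) / len(outages)


def availability(mtbf: float, mttr: float) -> float:
    """Availability = MTBF / (MTBF + MTTR), as a fraction in [0, 1]."""
    if mtbf == float("inf"):
        return 1.0
    return mtbf / (mtbf + mttr)


def downtime_budget_hours(target: float, window_hours: float) -> float:
    """Hours of downtime a target such as 0.999 ('three nines') permits per window."""
    return (1.0 - target) * window_hours


def reliability_report(window_start: datetime, window_end: datetime,
                       outages: list[Outage], target: float) -> dict:
    """Compute all three metrics for one window and compare against a target."""
    window_hours = (window_end - window_start).total_seconds() / 3600
    mtbf = mtbf_hours(window_hours, outages)
    mttr = mttr_hours(outages)
    downtime = sum(o.downtime_hours for o in outages)
    budget = downtime_budget_hours(target, window_hours)
    return {
        "window_hours": window_hours,
        "mtbf_hours": mtbf,
        "mttr_hours": mttr,
        "availability": availability(mtbf, mttr),
        "downtime_hours": downtime,
        "budget_hours": budget,
        "target_met": downtime <= budget,
    }


# Constructed sample (assumed, not real data): calendar year 2024 (366 days = 8,784 h)
# with three outages of 2 h, 1 h and 3 h.
WINDOW_START = datetime.fromisoformat("2024-01-01T00:00:00")
WINDOW_END = datetime.fromisoformat("2025-01-01T00:00:00")
SAMPLE_OUTAGES = [
    Outage(datetime.fromisoformat("2024-02-10T03:00:00"), datetime.fromisoformat("2024-02-10T05:00:00")),
    Outage(datetime.fromisoformat("2024-06-21T14:30:00"), datetime.fromisoformat("2024-06-21T15:30:00")),
    Outage(datetime.fromisoformat("2024-11-04T22:00:00"), datetime.fromisoformat("2024-11-05T01:00:00")),
]

if __name__ == "__main__":
    report = reliability_report(WINDOW_START, WINDOW_END, SAMPLE_OUTAGES, target=0.999)
    for key, value in report.items():
        print(f"{key:>16}: {value}")
```

With these inputs MTBF is (8,784 - 6) / 3 = 2,926 h, MTTR is 2 h and availability is 2,926 / 2,928 ≈ 99.93%, inside the 8.78 h of downtime that a 99.9% target allows for the year.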

3. Cryptography and Access Control Calculations

Symmetric Key Management

  • Equation: n(n-1)/2
  • Purpose: Calculates the number of keys required for symmetric encryption among n participants.
  • Example: For a system with 6 participants, 6(6-1)/2 = 15 keys.

Asymmetric Key Management

  • Equation: 2n
  • Purpose: Total number of keys for n participants in asymmetric encryption: each participant holds one key pair (a public key and a private key), so the count grows linearly with n rather than quadratically as with symmetric keys.
  • Example: With 5 users, 2 * 5 = 10 keys are needed.

False Positive Rate (FPR)

  • Equation: FPR = FP / (FP + TN)
  • Purpose: Measures benign actions mistakenly flagged as threats.
  • Example: With 20 false positives out of 150 non-threats, FPR = 20 / (20 + 130) = 0.133 or 13.3%.

False Negative Rate (FNR)

  • Equation: FNR = FN / (FN + TP)
  • Purpose: Determines the rate of missed detections in threat systems.
  • Example: With 5 false negatives out of 40 true threats, FNR = 5 / (5 + 35) = 0.125 or 12.5%.

Crossover Error Rate (CER)

  • Definition: The rate at which the False Acceptance Rate (FAR) equals the False Rejection Rate (FRR); also called the Equal Error Rate (EER).
  • Purpose: CER reflects the accuracy of a biometric system independent of any one threshold setting. Lower values indicate higher accuracy. Raising the match threshold lowers FAR (fewer impostors accepted) but raises FRR (more legitimate users rejected); the CER is the point where the two curves cross.
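Because FAR and FRR move in opposite directions as the match threshold changes, the CER has to be found by sweeping thresholds. The example below does that over a constructed set of genuine and impostor match scores. It is an added example, not code or data from the original post; the score lists are made up for illustration and both are assumed non-empty, and "accept when score >= threshold" is the assumed decision rule.

```python
def far_frr(threshold: float, genuine: list[float], impostor: list[float]) -> tuple[float, float]:
    """FAR and FRR at one decision threshold (a comparison is accepted when score >= threshold).

    FAR = impostor comparisons accepted / all impostor comparisons
    FRR = genuine comparisons rejected / all genuine comparisons
    """
    far = sum(score >= threshold for score in impostor) / len(impostor)
    frr = sum(score < threshold for score in genuine) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: list[float], impostor: list[float]) -> tuple[float, float, float, float]:
    """Sweep every observed score as a candidate threshold and return
    (threshold, far, frr, cer) at the point where FAR and FRR are closest.

    With a finite sample the two curves rarely meet exactly, so CER is
    reported as the mean of FAR and FRR at the closest point.
    """
    best = None
    for threshold in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(threshold, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, threshold, far, frr)
    _, threshold, far, frr = best
    return threshold, far, frr, (far + frr) / 2


# Constructed match scores (assumed, not from a real sensor): 10 genuine and
# 10 impostor comparisons on a 0..1 similarity scale.
GENUINE_SCORES = [0.92, 0.88, 0.75, 0.81, 0.69, 0.95, 0.58, 0.84, 0.77, 0.90]
IMPOSTOR_SCORES = [0.12, 0.33, 0.45, 0.61, 0.28, 0.52, 0.70, 0.39, 0.22, 0.48]

if __name__ == "__main__":
    for t in (0.50, 0.61, 0.69, 0.75, 0.90):
        far, frr = far_frr(t, GENUINE_SCORES, IMPOSTOR_SCORES)
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")
    threshold, far, frr, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {threshold:.2f}: FAR = FRR = {cer:.2f}")
```

On this sample a permissive threshold of 0.50 accepts 30% of impostors and rejects no genuine users, a strict 0.90 accepts no impostors but rejects 70% of genuine users, and the curves cross at 0.69 with FAR = FRR = 10%, so the CER is 0.10.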

4. Probability and Bayesian Analysis

Bayesian Probability

  • Equation: P(A|B) = (P(B|A) * P(A)) / P(B)
  • Purpose: Calculates the conditional probability of event A given B. In detection work it turns a detector's hit rate and false-positive rate into the probability that a given alert is a real incident, which depends heavily on the base rate P(A).
  • Example: Suppose 2% of hosts are compromised (P(A) = 0.02), the detector fires on 90% of compromised hosts (P(B|A) = 0.9) and on 5% of clean ones (P(B|not A) = 0.05). Then P(B) = 0.9 * 0.02 + 0.05 * 0.98 = 0.067, and P(A|B) = (0.9 * 0.02) / 0.067 = 0.018 / 0.067 ≈ 0.269, or about 27%: even a good detector produces mostly false alerts when the base rate is low.

Sensitivity and Specificity

  • Sensitivity: Sensitivity = TP / (TP + FN)
  • Specificity: Specificity = TN / (TN + FP)
  • Purpose: Measures system accuracy in correctly identifying true positives and negatives.
  • Example: In a system with 50 true positives, 10 false negatives, 90 true negatives, and 15 false positives:
    • Sensitivity = 50 / (50 + 10) = 0.833 or 83.3%
    • Specificity = 90 / (90 + 15) = 0.857 or 85.7%
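FPR, FNR, sensitivity and specificity all come from the same four confusion-matrix counts, and the Bayesian formula above ties them to the base rate. The example below computes all of them from a constructed set of analyst-labelled events and then shows how the posterior P(threat | alert) changes when the same detector is run against a population with a much lower base rate. This is an added example, not code or data from the original post; the `Event` class, the twelve event summaries and the 1% base rate are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One reviewed telemetry event: did the detector fire, and was it really malicious?"""
    summary: str
    alert: bool
    threat: bool


# Constructed review sample (assumed, not real telemetry): 12 analyst-labelled events.
SAMPLE_EVENTS = [
    Event("powershell.exe -EncodedCommand from user workstation", alert=True, threat=True),
    Event("lsass.exe memory read by unsigned binary", alert=True, threat=True),
    Event("service created remotely via SCM on 5 hosts", alert=True, threat=True),
    Event("scheduled task runs nightly backup.ps1", alert=True, threat=False),
    Event("admin RDP session from the jump host", alert=True, threat=False),
    Event("curl POST to unknown host every 60 s", alert=False, threat=True),
    Event("browser update downloaded", alert=False, threat=False),
    Event("print spooler restart", alert=False, threat=False),
    Event("user logs in at 09:02", alert=False, threat=False),
    Event("antivirus signature update", alert=False, threat=False),
    Event("git pull on build server", alert=False, threat=False),
    Event("DNS query for internal mail server", alert=False, threat=False),
]


def confusion_counts(events: list[Event]) -> tuple[int, int, int, int]:
    """Return (TP, FP, FN, TN) for a labelled sample."""
    tp = sum(e.alert and e.threat for e in events)
    fp = sum(e.alert and not e.threat for e in events)
    fn = sum(not e.alert and e.threat for e in events)
    tn = sum(not e.alert and not e.threat for e in events)
    return tp, fp, fn, tn


def detection_metrics(tp: int, fp: int, fn: int, tn: int) -> dict:
    """Sensitivity, FNR, specificity, FPR and precision from the four counts.

    Guards against empty classes: with no real threats in the sample, sensitivity
    and FNR are undefined and reported as None instead of raising ZeroDivisionError.
    """
    positives, negatives, alerts = tp + fn, tn + fp, tp + fp
    return {
        "sensitivity": tp / positives if positives else None,  # TP / (TP + FN)
        "fnr": fn / positives if positives else None,          # FN / (FN + TP) = 1 - sensitivity
        "specificity": tn / negatives if negatives else None,  # TN / (TN + FP)
        "fpr": fp / negatives if negatives else None,          # FP / (FP + TN) = 1 - specificity
        "precision": tp / alerts if alerts else None,          # P(threat | alert) within this sample
    }


def posterior_threat_given_alert(sensitivity: float, fpr: float, prior: float) -> float:
    """Bayes: P(threat | alert) = P(alert | threat) P(threat) / P(alert), where
    P(alert) = P(alert | threat) P(threat) + P(alert | benign) P(benign).
    P(alert | threat) is the sensitivity and P(alert | benign) is the FPR."""
    p_alert = sensitivity * prior + fpr * (1.0 - prior)
    return (sensitivity * prior) / p_alert


if __name__ == "__main__":
    tp, fp, fn, tn = confusion_counts(SAMPLE_EVENTS)
    m = detection_metrics(tp, fp, fn, tn)
    print(f"TP={tp} FP={fp} FN={fn} TN={tn}")
    for name, value in m.items():
        print(f"{name:>12}: {value:.3f}")
    sample_prior = (tp + fn) / len(SAMPLE_EVENTS)
    print("P(threat|alert) at the sample's base rate:",
          round(posterior_threat_given_alert(m["sensitivity"], m["fpr"], sample_prior), 3))
    print("P(threat|alert) at an assumed 1% base rate:",
          round(posterior_threat_given_alert(m["sensitivity"], m["fpr"], 0.01), 3))
```

With the sample's own base rate (4 threats in 12 events) Bayes reproduces the precision, 3 / 5 = 0.6. Run the identical detector (75% sensitivity, 25% FPR) against a fleet where only 1% of events are malicious and P(threat | alert) drops to about 2.9%: the review sample was enriched with threats, so its precision says little about alert quality in production.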

5. Quantitative Risk Metrics

Exposure Factor (EF)

  • Equation: EF = % of Asset Value Exposed to Loss
  • Purpose: Represents the impact level of an asset if a specific threat occurs.
  • Example: If 40% of an asset worth $100,000 is exposed, EF = 0.4.

Value of a Safeguard

  • Equation: (ALE1 - ALE2) - ACS
  • Purpose: Net annual value of a safeguard (the same cost/benefit formula as in section 1): the loss it avoids minus what it costs to run. A positive result justifies the control; a negative one means it costs more than it saves. ROSI expresses the same quantity as a ratio of ACS.
  • Example: If a safeguard reduces ALE from $80,000 to $50,000 with an annual cost of $15,000, its value is (80,000 - 50,000) - 15,000 = $15,000.
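The risk formulas in sections 1 and 5 (EF, SLE, ALE, ROSI and safeguard value) chain together: a control changes the residual EF or ARO, which changes the ALE, and the difference against the control's annual cost decides whether it pays for itself. The example below carries that chain through for several candidate controls on one asset and ranks them. It is an added example, not code from the original post; the `Safeguard` class, the asset figures and the three candidate controls with their residual EF/ARO and costs are assumptions for illustration.

```python
from dataclasses import dataclass


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = Asset Value * EF, with EF a fraction in [0, 1]."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO."""
    return sle * aro


def safeguard_value(ale_before: float, ale_after: float, acs: float) -> float:
    """(ALE1 - ALE2) - ACS: net annual benefit; negative means the control is not worth it."""
    return (ale_before - ale_after) - acs


def rosi(ale_before: float, ale_after: float, acs: float) -> float:
    """ROSI = (ALE1 - ALE2 - ACS) / ACS. Undefined for a zero-cost safeguard."""
    if acs <= 0:
        raise ValueError("annual cost of safeguard must be positive to compute ROSI")
    return (ale_before - ale_after - acs) / acs


@dataclass(frozen=True)
class Safeguard:
    """A candidate control and the residual EF / ARO it is assumed to leave behind."""
    name: str
    residual_ef: float
    residual_aro: float
    annual_cost: float


def rank_safeguards(asset_value: float, ef: float, aro: float,
                    candidates: list[Safeguard]) -> list[dict]:
    """Evaluate each candidate against the uncontrolled ALE and sort by net value."""
    ale_before = annualized_loss_expectancy(single_loss_expectancy(asset_value, ef), aro)
    rows = []
    for c in candidates:
        ale_after = annualized_loss_expectancy(
            single_loss_expectancy(asset_value, c.residual_ef), c.residual_aro)
        value = safeguard_value(ale_before, ale_after, c.annual_cost)
        rows.append({
            "name": c.name,
            "ale_before": ale_before,
            "ale_after": ale_after,
            "value": value,
            "rosi": rosi(ale_before, ale_after, c.annual_cost),
            "worth_it": value > 0,
        })
    return sorted(rows, key=lambda r: r["value"], reverse=True)


# Constructed scenario (assumed figures): a $50,000 server, EF 30%, four incidents a year.
ASSET_VALUE, EXPOSURE_FACTOR, ARO = 50_000, 0.30, 4
CANDIDATES = [
    Safeguard("EDR agent", residual_ef=0.30, residual_aro=1, annual_cost=20_000),
    Safeguard("Offline backups", residual_ef=0.10, residual_aro=4, annual_cost=8_000),
    Safeguard("Extra monitoring licence", residual_ef=0.25, residual_aro=4, annual_cost=12_000),
]

if __name__ == "__main__":
    for row in rank_safeguards(ASSET_VALUE, EXPOSURE_FACTOR, ARO, CANDIDATES):
        print(f"{row['name']:<26} ALE {row['ale_before']:>8,.0f} -> {row['ale_after']:>8,.0f}  "
              f"value {row['value']:>8,.0f}  ROSI {row['rosi']:>6.2f}  worth it: {row['worth_it']}")
```

The uncontrolled ALE is $15,000 * 4 = $60,000. Offline backups cut EF rather than ARO and come out best ($32,000 net, ROSI 4.0); the EDR agent cuts ARO and is still worth buying ($25,000 net, ROSI 1.25); the monitoring licence avoids $10,000 of loss but costs $12,000, so its value is negative and it is rejected.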

6. Binary and Boolean Logic Operations

XOR (Exclusive OR)

  • Purpose: The XOR operation is used extensively in encryption, outputting 1 only when its inputs differ. It is its own inverse ((a XOR k) XOR k = a), which is why stream ciphers and the one-time pad combine plaintext and keystream with it; the same property means a reused keystream leaks the XOR of the two plaintexts.
  • Example: XOR between 1101 and 1011 results in 0110.

AND, OR, and NOT Operations

  • Usage: AND tests or clears bits (permission masks, subnet masks in ACL matching), OR sets them, and NOT inverts them; together with XOR they are the bit-level building blocks of ciphers, hashes and access-control bitmaps.
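The bit operations in this section are easiest to see on real inputs: XOR on bit strings and bytes (including the keystream-reuse leak), and AND / OR / NOT on a permission mask and on a CIDR subnet match. The example below does both. It is an added example, not code from the original post; the rwx flag layout, the plaintexts, the 14-byte key and the addresses are assumptions for illustration, and the key is a fixed constant only so the block is reproducible (a real keystream must be random and never reused).

```python
def xor_bits(a: str, b: str) -> str:
    """XOR two binary strings of equal width, e.g. '1101' ^ '1011' -> '0110'."""
    if len(a) != len(b):
        raise ValueError("operands must have the same bit width")
    return format(int(a, 2) ^ int(b, 2), f"0{len(a)}b")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR: the combining step of every stream cipher and of the one-time pad."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If two messages were XORed with the same keystream k, then
    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the key cancels and the attacker
    learns the XOR of the plaintexts without knowing k."""
    return xor_bytes(ct1, ct2)


# Constructed demo messages and an assumed fixed 14-byte key (illustration only).
PT1 = b"ATTACK AT DAWN"
PT2 = b"RETREAT AT 9PM"
KEY = bytes.fromhex("9f035ae1771cb408d26e39fa8145")
CT1 = xor_bytes(PT1, KEY)
CT2 = xor_bytes(PT2, KEY)

# AND / OR / NOT on a 3-bit rwx permission mask (assumed layout: r=4, w=2, x=1).
READ, WRITE, EXEC = 0b100, 0b010, 0b001


def has_permission(mask: int, flag: int) -> bool:
    return (mask & flag) == flag   # AND tests whether the flag's bit is set


def grant(mask: int, flag: int) -> int:
    return mask | flag             # OR sets the bit


def revoke(mask: int, flag: int) -> int:
    return mask & ~flag            # NOT inverts the flag, AND clears that bit


def ipv4_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def in_network(ip: str, cidr: str) -> bool:
    """Firewall/ACL style match: (ip AND mask) == (network AND mask)."""
    net, prefix = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return (ipv4_to_int(ip) & mask) == (ipv4_to_int(net) & mask)


if __name__ == "__main__":
    print("1101 XOR 1011 =", xor_bits("1101", "1011"))
    print("decrypt(encrypt(PT1)) ==", xor_bytes(CT1, KEY))
    print("CT1 XOR CT2 == PT1 XOR PT2:", keystream_reuse_leak(CT1, CT2) == xor_bytes(PT1, PT2))
    mask = grant(READ, EXEC)
    print(f"r-x mask {mask:03b}: write? {has_permission(mask, WRITE)}; after revoke(x): {revoke(mask, EXEC):03b}")
    print("192.168.1.77 in 192.168.1.0/24:", in_network("192.168.1.77", "192.168.1.0/24"))
```

Decryption is the same XOR as encryption, and the leak check prints True: the attacker who captures two ciphertexts under one keystream gets PT1 XOR PT2 for free, which is why stream-cipher nonces and one-time-pad keys must never repeat. The subnet match is the same AND a router or firewall does when evaluating an ACL entry.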