CISM Certified Information Security Manager – Question0413

In performing a risk assessment on the impact of losing a server, the value of the server should be calculated using the:

A.
original cost to acquire.
B. cost of the software stored.
C. annualized loss expectancy (ALE).
D. cost to obtain a replacement.

Correct Answer: D

Explanation:

Explanation:
The value of the server should be based on its cost of replacement. The original cost may be significantly different from the current cost and, therefore, not as relevant. The value of the software is not at issue because it can be restored from backup media. The ALE for all risks related to the server does not represent the server’s value.