You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions. Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half. Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually. Incident #3: Last year's wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of enough magnitude to severely disrupt operations for several months happens about once every 10 years. Answer the following questions as part of your analysis: Note: You need to provide full detail of your analysis of the case study. With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents? With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution? With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?
You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions. Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half. Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually. Incident #3: Last year's wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of enough magnitude to severely disrupt operations for several months happens about once every 10 years. Answer the following questions as part of your analysis: Note: You need to provide full detail of your analysis of the case study. With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents? With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution? With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?
Computer Networking: A Top-Down Approach (7th Edition)
7th Edition
ISBN:9780133594140
Author:James Kurose, Keith Ross
Publisher:James Kurose, Keith Ross
Chapter1: Computer Networks And The Internet
Section: Chapter Questions
Problem R1RQ: What is the difference between a host and an end system? List several different types of end...
Related questions
Question
You are the new
- Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half.
- Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually.
- Incident #3: Last year's wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of enough magnitude to severely disrupt operations for several months happens about once every 10 years.
Answer the following questions as part of your analysis:
Note: You need to provide full detail of your analysis of the case study.
- With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents?
- With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution?
- With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by step
Solved in 2 steps
Recommended textbooks for you
Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON
Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science
Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning
Computer Networking: A Top-Down Approach (7th Edi…
Computer Engineering
ISBN:
9780133594140
Author:
James Kurose, Keith Ross
Publisher:
PEARSON
Computer Organization and Design MIPS Edition, Fi…
Computer Engineering
ISBN:
9780124077263
Author:
David A. Patterson, John L. Hennessy
Publisher:
Elsevier Science
Network+ Guide to Networks (MindTap Course List)
Computer Engineering
ISBN:
9781337569330
Author:
Jill West, Tamara Dean, Jean Andrews
Publisher:
Cengage Learning
Concepts of Database Management
Computer Engineering
ISBN:
9781337093422
Author:
Joy L. Starks, Philip J. Pratt, Mary Z. Last
Publisher:
Cengage Learning
Prelude to Programming
Computer Engineering
ISBN:
9780133750423
Author:
VENIT, Stewart
Publisher:
Pearson Education
Sc Business Data Communications and Networking, T…
Computer Engineering
ISBN:
9781119368830
Author:
FITZGERALD
Publisher:
WILEY