You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions. Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half. Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually. Incident #3: Last year's wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of enough magnitude to severely disrupt operations for several months happens about once every 10 years. Answer the following questions as part of your analysis: Note: You need to provide full detail of your analysis of the case study. With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents? With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution? With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?

You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions. Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half. Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually. Incident #3: Last year's wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of enough magnitude to severely disrupt operations for several months happens about once every 10 years. Answer the following questions as part of your analysis: Note: You need to provide full detail of your analysis of the case study. With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents? With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution? With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?

Computer Networking: A Top-Down Approach (7th Edition)

7th Edition

ISBN:9780133594140

Author:James Kurose, Keith Ross

Publisher:James Kurose, Keith Ross

Chapter1: Computer Networks And The Internet

Section: Chapter Questions

Problem R1RQ: What is the difference between a host and an end system? List several different types of end...

See similar textbooks

Related questions

Question

Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is expected to reduce the risk by half.

Incident #2: This year, the company had a virus attack that took half of their customer support help desk offline for two days. Contracts fulfilled using the system are worth $10,000 every day. A similar virus attack is expected to happen every year. Upgrading the antivirus would cost $20,000 in licensing annually.

Incident #3: Last year's wildfire in the surrounding hills closed access to the business for two days. Wildfires happen every year. Additionally, the area is in an earthquake fault zone. An earthquake of enough magnitude to severely disrupt operations for several months happens about once every 10 years.

Answer the following questions as part of your analysis:

Note: You need to provide full detail of your analysis of the case study.

With regards to Incident #1, the information leakage event, would training the staff be a cost-effective measure to mitigate future incidents?
With regards to Incident #2, the virus attack, would purchasing the antivirus license be a cost-effective solution?
With regards to Incident #3, which scenario (earthquakes or wildfires) should management devote more of its resources towards mitigating? What would be an appropriate risk response?

Expert Solution