Risk analysis is one way to monitor security in an organization. Risk analysis can be a time-consuming process; it involves a number of steps, some of which require "educated guessing." Nevertheless, the process alone raises awareness of security issues even if no immediate actions are taken as a result. The steps are:

i. Identify assets (infrastructure, people, hardware, software, reputation, etc.). For the rest of this list, we'll concentrate on a single asset.
ii. Determine vulnerability (what event or events might happen to the asset; for example, the building could catch fire, the website could be hacked, etc.). For the rest of this list, we'll concentrate on a single asset vulnerable to a single event.
iii. Estimate the probability per year of this event (based on past data, expert estimates, etc.). Take current security measures into account.
iv. Estimate the expected cost if this event occurs (cost to repair or replace, cost of lost business, etc.).
v. Compute risk exposure \(=\) cost estimate \(\times\) probability estimate.
vi. Identify any additional security measure \(X\) that would help protect against this event, determine what it would cost, and do a calculation of the risk exposure with the additional security measure \(X\) in place.
vii. Do a cost-benefit analysis: (Risk exposure without \(X\)) \(-\) (Risk exposure with \(X\)) \(-\) (Cost of \(X\)).

You have a small web-based business that uses a single server to manage your webpage and your customer information. Over the past four years, your website has been hacked and taken down twice. You estimate that the cost of this event is \(\$ 600\) to clean the server and reload the webpage and \(\$ 12,000\) in lost business while the server is down.

a. You could purchase a backup server for a cost of \(\$ 3,000\), which you estimate would reduce the probability per year of losing your website to \(0.2\). Would this be a cost-effective security measure?
b. What if you reevaluate the probability per year with the backup server to be \(0.3\)? Does this change your answer?

Short Answer

a. Yes, it's cost-effective; b. No, it's not cost-effective.

Step by step solution

Step 1: Identify the Asset and Vulnerability

The asset in question is the single server that manages the webpage and customer information. The vulnerability is the server being hacked and taken down.

Step 2: Estimate Past Event Probability

Over four years, the website was hacked twice, giving an estimated yearly probability of \(0.5\) (\(2/4 = 0.5\)).

Step 3: Estimate the Cost if the Event Occurs

The cost includes \(\$ 600\) for server cleanup and reload, plus \(\$ 12,000\) for lost business. Total cost if the event occurs \(= \$ 12,600\).

Step 4: Compute Risk Exposure Without Additional Security

Risk exposure is computed as the product of probability and cost: \(\text{Risk Exposure} = 0.5 \times 12,600 = 6,300\).

Step 5: Calculate Reduced Probability With Backup Server (Case a)

With a backup server, the probability reduces to \(0.2\).

Step 6: Compute New Risk Exposure With Backup Server (Case a)

New risk exposure \(= 0.2 \times 12,600 = 2,520\).

Step 7: Calculate Cost-Benefit for Backup Server (Case a)

Cost-Benefit \(=\) Risk exposure without backup \(-\) Risk exposure with backup \(-\) Cost of backup \(= 6,300 - 2,520 - 3,000 = 780\). Since the cost-benefit is positive, it is a cost-effective measure.

Step 8: Reevaluate Probability With Backup Server (Case b)

For case (b), the probability with a backup server is \(0.3\).

Step 9: Compute New Risk Exposure With Re-evaluated Probability (Case b)

New risk exposure \(= 0.3 \times 12,600 = 3,780\).

Step 10: Calculate Cost-Benefit for Backup Server (Case b)

Cost-Benefit \(=\) Risk exposure without backup \(-\) Risk exposure with backup \(-\) Cost of backup \(= 6,300 - 3,780 - 3,000 = -480\). Since the cost-benefit is negative, it is not a cost-effective measure.


Key Concepts

These are the key concepts you need to understand to accurately answer the question.

Security Measures
Security measures are essential tools used to protect valuable assets in any organization or business. These measures aim to prevent potential security breaches from occurring or at least lessen their impact if they do occur. When managing a web-based business, such as the one described in the exercise, security measures must be put in place to safeguard the server that handles the company's webpage and customer data.
Some common security measures include the installation of firewalls, regular updates to software, and even having a backup server. A backup server can be particularly helpful as it provides a secondary line of defense by keeping the website running even if the primary server is attacked or fails. By taking these precautions, businesses can ensure that their operations remain secure and the likelihood of extensive damage is minimized.
Cost-Benefit Analysis
Cost-benefit analysis plays a crucial role in determining the most suitable security measures for a business. This process involves comparing the potential benefits of a security measure against its cost. In other words, you calculate whether the savings made from avoiding potential security breaches outweigh the expenses on new security measures.
In the context of the exercise, purchasing a backup server involves considering the initial cost (for example, $3,000) and evaluating how much it reduces the risk of a security breach. If the cost-benefit analysis yields a positive value, it implies that the benefits of adopting the security measure outweigh the costs, making it a worthwhile investment. On the other hand, if the analysis results in a negative outcome, it suggests that the gains might not justify the expenditure.
Cost-benefit analysis aids businesses in making informed decisions by quantifying perceived benefits and costs, ensuring that resources are allocated appropriately to enhance security.
Risk Exposure Calculation
Risk exposure calculation is a critical part of risk analysis, helping organizations understand the potential financial impact of a risk occurring. This calculation involves multiplying the probability of an event by the cost it causes.
For example, in the exercise, without a backup server, the risk exposure is calculated as follows: the probability of the server being hacked is 0.5, and the resulting cost is $12,600, leading to a risk exposure of $6,300 (calculated as 0.5 multiplied by $12,600).
Adding additional security measures like a backup server changes this calculation. If this measure reduces the probability of a hack to 0.2, the new risk exposure becomes $2,520 (0.2 multiplied by $12,600). Understanding risk exposure helps businesses identify the most vulnerable areas and prioritize resources to mitigate potential risks effectively.
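The seven-step procedure from the exercise and the two cases worked in the step-by-step solution above, as an added Python example that is not part of the original page or the textbook's material. It encodes the risk-exposure and cost-benefit formulas, reproduces cases (a) and (b), and goes one step further than the page by deriving the break-even probability (the largest post-measure probability at which the backup server still pays for itself). The names `Scenario`, `annual_probability`, `cost_benefit` and `breakeven_probability` are my own.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    """One asset, one event, one candidate security measure X (my own name)."""
    event_cost: float    # expected cost if the event occurs (step iv)
    p_without: float     # probability per year with current measures (step iii)
    p_with: float        # probability per year with measure X in place (step vi)
    measure_cost: float  # cost of measure X (step vi)

def annual_probability(events_observed: int, years_observed: int) -> float:
    """Step iii from past data: observed events divided by years of history."""
    if years_observed <= 0:
        raise ValueError("need at least one year of history")
    return events_observed / years_observed

def risk_exposure(probability: float, cost: float) -> float:
    """Step v: risk exposure = cost estimate x probability estimate."""
    return probability * cost

def cost_benefit(s: Scenario) -> float:
    """Step vii: exposure without X - exposure with X - cost of X."""
    return (risk_exposure(s.p_without, s.event_cost)
            - risk_exposure(s.p_with, s.event_cost)
            - s.measure_cost)

def is_cost_effective(s: Scenario) -> bool:
    """The measure is worth buying when the cost-benefit figure is positive."""
    return cost_benefit(s) > 0

def breakeven_probability(s: Scenario) -> float:
    """Largest p_with at which X still pays for itself (cost_benefit == 0).
    Solving p_without*C - p*C - M = 0 for p gives p = p_without - M/C."""
    return s.p_without - s.measure_cost / s.event_cost

if __name__ == "__main__":
    # Constructed from the exercise: 2 incidents in 4 years, $600 + $12,000 per
    # incident, and a $3,000 backup server estimated to cut the annual
    # probability to 0.2 (case a) or 0.3 (case b).
    p_now = annual_probability(2, 4)
    for label, p_new in (("a", 0.2), ("b", 0.3)):
        s = Scenario(event_cost=600 + 12_000, p_without=p_now,
                     p_with=p_new, measure_cost=3_000)
        print(f"case {label}: cost-benefit = {cost_benefit(s):,.0f}, "
              f"cost-effective = {is_cost_effective(s)}, "
              f"break-even probability = {breakeven_probability(s):.3f}")
```

Running it shows why the two estimates flip the answer: the break-even probability is about 0.262, so 0.2 sits below it and 0.3 above it.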
