An organization determines that the probability of unauthorized access by intern

Question

An organization determines that the probability of unauthorized access by internal employees to the database server that contains credit card numbers of its client is 5% in a year. The total estimate of the loss due to this exposure is estimated to be 100 million dollars. This includes losses resulting from loss of reputation, business, fines imposed by FCC, legal fee to defend its executives and law suites.   The total cost of a product that will implement stronger access control and allow security administrator to track such unauthorized access is $500,000. It is estimated that, if implemented, it will protect from 90% of all such attacks. The annual cost of maintenance is 10% of the product cost. The product should work well for next five years. Should the organization purchase this product?

Explanation / Answer

Net loss per year: $100,000,000.

And if this happens for 5 years assume, the total net loss is: $500,000,000.

Now, lets assume we deploy, the required technology to implement better security.

The cost of product: $500,000.

Annual maintenance cost: 10 % of $500,000 = $50,000.

If the product works well for 5 years, you need to maitain it for 5 years.

Therefore the maintenance cost for 5 years is: $50,000 * 5 = $250,000.

Therefore, overall cost of the product for 5 years is: initial cost + maintenance cost. = $500,000 + $250,000 = $750,000

And this reduces the loss by 90% = $500,000,000 * 0.9 = $450,000,000

And finally, we conclude that, provided we invest an amount of $750,000 for 5 years, it saves an amount of $450,000,000 over 5 years. And obviously its a wise investment. So, the organization should purchase the product.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.