MIS 4850 Systems Security
In-Class Exercise 1 (Part 2)
January 20, 2016
Student Name: _________________________________________
Risk Assessment at Data Services Inc.
The CIO at Data Services Inc. wants to evaluate the organization's information security system. In terms of
technology, the system consists of four solutions: application firewalls, packet firewalls, an intrusion
prevention system, and training programs. The CIO's objective is to have a complete risk assessment that will
help determine the following: (a) the net bypass rate considering all four solutions, (b) the incident risk in
terms of dollar amounts, (c) the residual risk in terms of dollar amounts, (d) the net benefit in terms of dollar
amounts, (e) the cost, and the risk-based return on investment (RRIO). The CIO assembled a team that
gathered the following information about information security incidents in the organization over the course of
a one-year period.
Table 1: Incident occurrence and damage

Type of incident           | Observed occurrence | Observed damage ($)
Malware infections         | 110                 | 100,000
Denial of service attacks  | 6                   | 300,000
System penetration         | 3                   | 70,000
The team also gathered the following information from technology vendors and government agencies like the
U.S. Computer Emergency Readiness Team or US-CERT.
Table 2: Bypass rate by security solution

Type of incident           | Application Firewalls | Packet Firewalls | Intrusion Prevention System | Training Programs
Malware infections         | 10%                   | 100%             | 70%                         | 75%
Denial of service attacks  | 100%                  | 10%              | 75%                         | 80%
System penetration         | 90%                   | 90%              | 10%                         | 75%
Your assignment
1) Based on the information provided, calculate the net bypass rate and the incident risk for each type of
incident. Note: you may need to use a sheet of paper to perform the calculation and then report your
answers in the table below.
Table 3: Calculated net bypass rates and incident risks

Type of incident           | Application Firewalls | Packet Firewalls | Intrusion Prevention System | Training Programs | Net bypass rate | Observed damages ($) | Incident risk ($)
Malware infections         | ______                | ______           | ______                      | ______            | ______          | ______               | ______
Denial of service attacks  | ______                | ______           | ______                      | ______            | ______          | ______               | ______
System penetration         | ______                | ______           | ______                      | ______            | ______          | ______               | ______
2) Calculate the baseline scenario (in terms of dollar amount).
Baseline scenario: $________________________
3) Based on the information provided and the Risk Assessment material seen in class, calculate the residual
risk, the net benefit, the cost, and the RRIO for each of the four security solutions. The team has come up
with the cost for implementing each of the solutions as follows: $10,500 for application firewalls, $85,000
for packet firewalls, $90,500 for IPS, and $55,000 for training programs.
Note: you may need to use a sheet of paper to perform the calculation and then report your answers in
the table below.
Table 4: RRIO for each security solution

Security solution            | Residual risk ($) | Net benefit ($) | Cost ($) | RRIO (%)
Application Firewalls        | ______            | ______          | ______   | ______
Packet Firewalls             | ______            | ______          | ______   | ______
Intrusion Prevention System  | ______            | ______          | ______   | ______
Training Programs            | ______            | ______          | ______   | ______
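A worked calculation of Tasks 1 to 3 over the figures in Tables 1 and 2, added here as an example; it is not part of the exercise sheet and not the course's answer key. It assumes the formulas stated in the code comments: the net bypass rate is the product of the four bypass rates (independent layers), the Table 1 damage is the yearly total per incident type, residual risk for a solution uses that solution's bypass rate alone, net benefit is risk reduction minus cost, and RRIO is net benefit over cost.

```python
from math import prod

# Tables 1 and 2 and the Task 3 costs from the exercise sheet (rates as fractions).
SOLUTIONS = ("Application Firewalls", "Packet Firewalls",
             "Intrusion Prevention System", "Training Programs")
INCIDENTS = {
    # type: (observed occurrences, observed damage $, bypass rate per solution)
    "Malware infections":        (110, 100_000, (0.10, 1.00, 0.70, 0.75)),
    "Denial of service attacks": (  6, 300_000, (1.00, 0.10, 0.75, 0.80)),
    "System penetration":        (  3,  70_000, (0.90, 0.90, 0.10, 0.75)),
}
COSTS = {"Application Firewalls": 10_500, "Packet Firewalls": 85_000,
         "Intrusion Prevention System": 90_500, "Training Programs": 55_000}


def net_bypass_rate(rates):
    """An attack succeeds only if it gets past every layer; assuming the layers
    fail independently, the net bypass rate is the product of the four rates."""
    return prod(rates)


def table3():
    """Task 1. Assumption: Table 1 damage is the yearly total for the type, so
    incident risk = damage x net bypass rate (loss expected to get through)."""
    rows = {}
    for kind, (occ, damage, rates) in INCIDENTS.items():
        nb = net_bypass_rate(rates)
        rows[kind] = {"net_bypass": nb, "incident_risk": damage * nb,
                      "expected_incidents": occ * nb}  # incidents that get through
    return rows


def baseline():
    """Task 2. Assumption: loss with no solution in place = sum of damages."""
    return sum(damage for _, damage, _ in INCIDENTS.values())


def table4():
    """Task 3, scoring each solution on its own. Assumptions: residual risk =
    sum(damage x that solution's bypass rate); net benefit = (baseline -
    residual risk) - cost; RRIO = net benefit / cost, in percent."""
    base = baseline()
    rows = {}
    for i, sol in enumerate(SOLUTIONS):
        residual = sum(damage * rates[i] for _, damage, rates in INCIDENTS.values())
        net = (base - residual) - COSTS[sol]
        rows[sol] = {"residual_risk": residual, "net_benefit": net,
                     "cost": COSTS[sol], "rrio_pct": 100 * net / COSTS[sol]}
    return rows
```

Under these assumptions the application firewall's bypass rates multiply out to a net bypass rate of 5.25% for malware, and the four solutions rank by RRIO in the order application firewalls, packet firewalls, training programs, IPS.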