se the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect

Question

4 years ago

11

se the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect

ABC? Assume that the best-, average-, and worst-case estimates are independent for each component of the model.The company is considering investing up to an additional $100,000 to improve its security. Given the following possibilities, which single investment would you recommend? Which combination of investments would you recommend? Explain your answer.A. An investment of $75,000 would change the estimates for protection time to 19 minutes (worst case), 23 minutes (average case), and 30 minutes (best case).B. An investment of $75,000 would change the estimates for detection time to 2 minutes (best case), 4 minutes (average case), and 7 minutes (worst case).C. An investment of $75,000 would change the estimates for response time to 3 minutes (best case), 6 minutes (average case), and 10 minutes (worst case).D. An investment of $25,000 would change the estimates for protection time to 17 minutes (worst case), 22 minutes (average case), and 28 minutes (best case).E. An investment of $25,000 would change the estimates of detection time to 4 minutes (best case), 7 minutes (average case) and 9 minutes (worst case).F. An investment of $25,000 would change the estimates for response time to 4 minutes (best case), 9 minutes (average case), and 12 minutes (worst case).

Business

1 answer:

Sedbober [7] · Answer 1 · 2021-12-22T13:12:59+03:00

Answer:

Question Completed:

Use the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect ABC? Assume that the best-, average-, and worst-case estimates are independent for each component of the model.

1) Estimated time that existing controls will protect the system from attack = 15 minutes (worst case), 20 minutes (average case), and 25 minutes (best case)

2) Estimated time to detect that an attack is happening = 5 minutes (best case), 8 minutes (average case) and 10 minutes (worst case)

3) Estimated time to respond (or correct) to an attack once it has been detected = 6 minutes (best case), 14 minutes (average case), and 20 minutes (worst case)

Current Estimate

Case P D R Time based security(P>D+R)

Best 25 5 6 25 > 11

Average 20 8 14 20 < 22

Worst 15 10 20 15 < 30

Assumptions

A) Case P D R Time based security(P>D+R)

Best 30 5 6 30 > 11

Average 23 8 14 23 > 22

Worst 19 10 20 19 < 30

B) Case P D R Time based security(P>D+R)

Best 25 2 6 25 > 8

Average 20 4 14 20 > 18

Worst 15 7 20 15 < 27

C) Case P D R Time based security(P>D+R)

Best 25 5 3 25 > 8

Average 20 8 6 20 > 14

Worst 15 10 10 15 < 20

D) Case P D R Time based security(P>D+R)

Best 28 5 6 28 > 11

Average 22 8 14 22 = 22

Worst 17 10 20 17 < 30

E) Case P D R Time based security(P>D+R)

Best 25 4 6 25 > 10

Average 20 7 14 20 < 21

Worst 15 9 20 15 < 29

F) Case P D R Time based security(P>D+R)

Best 25 5 4 25 > 9

Average 20 8 9 20 > 17

Worst 15 10 12 15 < 22

Explanation:

Question 1) Which single investment would you recommend?

A single investment of $75,000 in option C. This gives a margin of +17 on the best case scenario and +6 on the average case scenario and -5 on the worst case scenario, which is the best alternative on the 3 scenarios as the joint outcome is +18 (17 + 6 - 5).

Question 2) Which combination?

Note that since the total amount is $100,000, the combination would be a $75,000 and a $25,000 investment

The combination of A and F, gives the best outcome on the 3 cases in comparison to other combinations

Case P D R Time based security(P>D+R)

Best 30 5 4 30 > 9

Average 23 8 9 23 > 17

Worst 19 10 12 19 < 22