Question

se the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect ABC? Assume that the best-, average-, and worst-case estimates are independent for each component of the model.The company is considering investing up to an additional $100,000 to improve its security. Given the following possibilities, which single investment would you recommend? Which combination of investments would you recommend? Explain your answer.A. An investment of $75,000 would change the estimates for protection time to 19 minutes (worst case), 23 minutes (average case), and 30 minutes (best case).B. An investment of $75,000 would change the estimates for detection time to 2 minutes (best case), 4 minutes (average case), and 7 minutes (worst case).C. An investment of $75,000 would change the estimates for response time to 3 minutes (best case), 6 minutes (average case), and 10 minutes (worst case).D. An investment of $25,000 would change the estimates for protection time to 17 minutes (worst case), 22 minutes (average case), and 28 minutes (best case).E. An investment of $25,000 would change the estimates of detection time to 4 minutes (best case), 7 minutes (average case) and 9 minutes (worst case).F. An investment of $25,000 would change the estimates for response time to 4 minutes (best case), 9 minutes (average case), and 12 minutes (worst case).

Answer 1

Answer:

Question Completed:

Use the following facts to assess the time-based model of security for the ABC Company;  how well does the existing system protect ABC? Assume that the best-, average-,  and worst-case estimates are independent for each component of the model.

1) Estimated time that existing controls will protect the system from attack = 15  minutes (worst case), 20 minutes (average case), and 25 minutes (best case)

2) Estimated time to detect that an attack is happening = 5 minutes (best case), 8  minutes (average case) and 10 minutes (worst case)

3) Estimated time to respond (or correct) to an attack once it has been detected = 6 minutes  (best case), 14 minutes (average case), and 20 minutes (worst case)  

Current Estimate

Case                       P             D            R         Time based security(P>D+R)

Best                      25              5           6           25 > 11

Average               20              8           14           20 < 22

Worst                    15              10          20           15 < 30

Assumptions      

A) Case                       P             D            R         Time based security(P>D+R)

     Best                      30            5           6           30 > 11

     Average               23            8           14           23 > 22

     Worst                    19            10          20           19 < 30

B) Case                       P             D            R         Time based security(P>D+R)

     Best                      25            2           6           25 > 8

   Average                 20            4           14           20 > 18

    Worst                      15            7          20           15 < 27

C) Case                       P             D            R         Time based security(P>D+R)

     Best                      25             5           3           25 > 8

    Average                20              8           6           20 > 14

    Worst                    15              10          10           15 < 20

D) Case                       P             D            R         Time based security(P>D+R)

    Best                       28              5           6           28 > 11

    Average                22              8           14           22 = 22

    Worst                     17              10          20           17 < 30

E) Case                       P             D            R         Time based security(P>D+R)

     Best                      25            4           6           25 > 10

   Average                 20            7           14           20 < 21

    Worst                      15            9          20           15 < 29

F) Case                       P             D            R         Time based security(P>D+R)

     Best                      25             5           4           25 > 9

    Average                20              8           9           20 > 17

    Worst                    15              10          12           15 < 22

Explanation:

Question 1) Which single investment would you recommend?

A single investment of $75,000 in option C. This gives a margin of +17 on the best case scenario and +6 on the average case scenario and -5 on the worst case scenario, which is the best alternative on the 3 scenarios as the joint outcome is +18 (17 + 6 - 5).

Question 2) Which combination?

Note that since the total amount is $100,000, the combination would be a $75,000 and a $25,000 investment

The combination of A and F, gives the best outcome on the 3 cases in comparison to other combinations

Case                       P             D            R         Time based security(P>D+R)

 Best                      30             5           4           30 > 9

Average                 23            8           9           23 > 17

Worst                     19              10          12          19 < 22