Unit 4 Individual Assignment for CIS222: Fundamentals of Security
Unit 4 Individual Assignment
Due: Midnight Sunday of Unit 4
The Chief Financial Officer (CFO) made some complaints to the CEO regarding recent capital expenditures for security software. You try to lighten the blow by explaining the value of controlling security.
In a point paper to the CEO, explain the cost benefit analysis method you use to do a quantitative assessment before investing in a security control.
Complete and include the table below in your paper.
Historical PCS incidents Cost per Incident Frequency of Occurrence SLE ARO ALE
Theft of information (hacker) $25,500 1 every 5 years 25,500 .2
Theft of information (employee) $50,000 1 every 2 years 50,000 .5
Web defacement $500 1 per month 12.0 $6,000
Theft of equipment $5,000 1 per year 1.0 $5,000
Virus, worms, Trojan horses $1,500 1,500 52.0 $78,000
Denial-of-service attacks $2,500 2,500 4.0 $10,000
You are currently deciding whether to invest in data loss prevention software. You have some reliable statistics that the software will reduce your information theft incidents by half of the current values. The cost of the software is $100K per year. Recalculate the new ARO and ALE for hacker and employee information theft. Based on these new values, explain your decision whether or not to invest in the Data Loss Prevention Software.
Projected PCS incidents with Data Theft Prevention Software Cost per Incident Frequency of Occurrence SLE ARO ALE
Theft of information (hacker) $25,500 1 every 5 years 25,500
Theft of information (employee) $50,000 1 every 2 years 50,000
The requirements for your assignment are:
• 2-3 page APA paper excluding title and reference pages
• Provide at least two references and in-text citations in APA format
• College level writing
Students: Be sure to read the criteria, by which your paper/project will be evaluated, before you write, and again after you write.
Assessment Rubric for Unit 4 Assignment
Criteria Deficient Proficient Exemplary
0-9 points 10-39 points 40-60 points
Mastery of concepts The deliverable does not convey the relevant concepts and terminology from the Unit reading. The deliverable is missing or unclear on some relevant concepts and terminology from the Unit reading. The deliverable strongly conveys the relevant concepts and terminology from the Unit reading.
0-5 points 6-10 points 11-15 points
Content length The deliverable was significantly short of the length objectives. The deliverable was lacking in length. The deliverable met or exceeded the length objectives
0-5 points 6-10 points 11-15 points
Demonstrated Research The submission did not meet the research reference and citation objective. The research references and/or citations were not presented properly or relevant to the assignment. The deliverable included relevant references and citations that met or exceeded the objectives.
0-1 points 2-4 points 5-10 points
Clear and professional writing and format Errors impede professional presentation; guidelines not followed. Few errors that do not impede professional presentation. Writing and format is clear, professional, and error free.
—
Unit 4 Individual Assignment for CIS222: Security Fundamentals Unit 4 Individual Assignment
Unit 4 is due at midnight on Sunday.
The Chief Financial Officer (CFO) approached the CEO with some concerns about recent capital expenditures for security software. You try to soften the shock by emphasizing the importance of security control.
Explain the cost benefit analysis strategy you employ to make a quantitative assessment before investing in a security control in a point paper to the CEO.
Fill in the blanks in the table below and incorporate it in your report.
PCS occurrences in the past
Frequency of Occurrence Cost per Incident
SLE ARO ALE
Theft of information (hacker) $25,500
1 every 5 years 25,500 .2
Theft of information (employee) $50,000
1 every 2 years 50,000 .5
Web defacement $500 1 per month
