CIS 401 – Cyber Risk Management

Homework Assignment #05
Your assignment: Answer Problem 6 in chapter 5 (Controls for Information Security) of the text.
Part A – Use the following facts to assess the time-based model of security for ABC Company.
How well does the existing system protect ABC? Assume that the best, average, and worst case estimates
are independent for each component of the model.
• Estimated time that existing controls will protect the system from attack: 15 minutes (worst case),
20 minutes (average case), and 25 minutes (best case)
• Estimated time to detect that an attack is happening: 5 minutes (best case), 8 minutes (average
case), and 10 minutes (worst case)
• Estimated time to respond to an attack once it has been detected: 6 minutes (best case), 14 minutes
(average case), and 20 minutes (worst case)
Part B – ABC Company is considering investing up to an additional $100,000 to improve its security. Given
the following possibilities, which single investment (select an Option below) would you recommend? Which
combination of investments (select two (2) Options below) would you recommend? Explain your answer.
Option 1: An investment of $75,000 would change the estimates for protection time to 19 minutes
(worst case), 23 minutes (average case), and 30 minutes (best case).
Option 2: An investment of $75,000 would change the estimates for detection time to 2 minutes (best
case), 4 minutes (average case), and 7 minutes (worst case).
Option 3: An investment of $75,000 would change the estimates for response time to 3 minutes (best
case), 6 minutes (average case), and 10 minutes (worst case).
Option 4: An investment of $25,000 would change the estimates for protection time to 17 minutes
(worst case), 22 minutes (average case), and 28 minutes (best case).
Option 5: An investment of $25,000 would change the estimates of detection time to 4 minutes (best
case), 7 minutes (average case), and 9 minutes (worst case).
Option 6: An investment of $25,000 would change the estimates for response time to 4 minutes (best
case), 9 minutes (average case), and 12 minutes (worst case).
Utilize the attached section titled Hints for Solving this Assignment in this document to support your
answers.
Deliverable: Submit your answers with supporting materials to justify your recommendations.
IMPORTANT: To get full credit, you need to create formulas to fill in the cells using the methodology
provided in the Hints for Solving this Assignment section of this document.

Assignment Submission
1. Create a Word document and provide your Name, ASURITE #, Course Number & Title, and Class Section # at
the top of the page, left justified.
2. Complete the assignment as outlined above.
3. Create one (1) PDF document from the Word document using the file name format:
CIS401_HW05_yourlastname_firstinitial.pdf
4. Submit the PDF document on Canvas.
See Canvas for the Due Date & Time.

Hints for Solving this Assignment
You need to consider all the possibilities simultaneously for each scenario. One way to do so is to create a
matrix that holds one of the variables constant and then shows the outcome for all combinations of the
other two variables.
Example: let’s hold P constant at the best case scenario (P = 25). Now let’s create a matrix of all the possible
combinations of D and R (best, average, and worst cases):
                      D=5 (best case)   D=8 (average case)   D=10 (worst case)
R=6 (best case)
R=14 (average case)
R=20 (worst case)
Then fill in the cells by plugging the values into the time-based model formula. For example, given that P =
25 (best case), if both D and R are also the best cases, then the formula is:
25 > 5 + 6? The answer is YES.
We could rearrange the formula to calculate the score, as follows:
P > D + R → P – (D + R), with positive scores being good and negative scores bad. Thus, in our example, we have
25 – (5 + 6) = 14, which is a positive score, so that combination is good.
If we did that for all combinations, we would get the following:
Scores for P = 25 (best case for P)
                      D=5 (best case)   D=8 (average case)   D=10 (worst case)
R=6 (best case)       14                11                   9
R=14 (average case)   6                 3                    1
R=20 (worst case)     0                 -3                   -5
We could even color code the cells to show good (green), neutral (yellow) and bad (red):
Scores for P = 25 (best case for P)
                      D=5 (best case)   D=8 (average case)   D=10 (worst case)
R=6 (best case)       14                11                   9
R=14 (average case)   6                 3                    1
R=20 (worst case)     0                 -3                   -5
You will need to repeat this for the average and worst case scenarios of P. Then look at the patterns to
make a general conclusion about:
• When (under what conditions) the ABC Company can consider itself secure
• If you have probability estimates for best, average, and worst cases, you can even calculate a more precise
answer
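The matrix method above, carried through for all three values of P and extended to the probability-weighted answer mentioned in the last bullet. This is an added example, not part of the original assignment: the estimates are the Part A figures, while the case probabilities in ASSUMED_PROB and all function names are constructed for illustration.

```python
from fractions import Fraction
from itertools import product

CASES = ("best", "average", "worst")

# Part A estimates from the assignment, in minutes.
BASELINE = {
    "P": {"best": 25, "average": 20, "worst": 15},
    "D": {"best": 5, "average": 8, "worst": 10},
    "R": {"best": 6, "average": 14, "worst": 20},
}

# Assumed case probabilities (constructed for illustration, not from the page).
ASSUMED_PROB = {"best": Fraction(1, 4), "average": Fraction(1, 2),
                "worst": Fraction(1, 4)}


def score(p, d, r):
    """Time-based model score P - (D + R); positive means P > D + R holds."""
    return p - (d + r)


def score_matrix(est, p_case):
    """Rows are R cases, columns are D cases, with P held at p_case."""
    p = est["P"][p_case]
    return [[score(p, est["D"][d], est["R"][r]) for d in CASES] for r in CASES]


def secure_count(est):
    """How many of the 27 (P, D, R) case combinations satisfy P > D + R."""
    return sum(score(est["P"][p], est["D"][d], est["R"][r]) > 0
               for p, d, r in product(CASES, repeat=3))


def secure_probability(est, prob):
    """Probability that P > D + R, with the three components independent."""
    # A score of exactly 0 is not counted: the model requires strict P > D + R.
    return sum(prob[p] * prob[d] * prob[r]
               for p, d, r in product(CASES, repeat=3)
               if score(est["P"][p], est["D"][d], est["R"][r]) > 0)


if __name__ == "__main__":
    for p_case in CASES:
        print(f"Scores for P = {BASELINE['P'][p_case]} ({p_case} case for P)")
        for r_case, row in zip(CASES, score_matrix(BASELINE, p_case)):
            print(f"  R={BASELINE['R'][r_case]:>2} ({r_case} case): {row}")
    print("Secure combinations:", secure_count(BASELINE), "of 27")
    print("P(secure), assumed weights:",
          secure_probability(BASELINE, ASSUMED_PROB))
```

Passing a modified copy of BASELINE to the same functions gives the corresponding matrices and probability for any other set of estimates.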
