Cost Benefit Analysis Your Company S Web Site Is Sometimes Broken Into By Hacker
1. Cost-benefit analysis! Your company’s web site is sometimes broken into by hackers, with the following estimates of probabilities and costs:
· Each day there is a 0.4% chance that a script kiddie will only deface the web site, but cause no other damage. This would cost only $10,000 in lost sales.
· Each day there is a 0.2% chance (once every three hundred days) that an expert hacker will delete data and steal customers’ credit card numbers, costing $250,000.
· Remember how hackers stole all the data from Ashley Madison and killed the company? We estimate that each day there is a 0.02% chance (once in ten thousand days) that an expert hacker will steal all the company’s data, costing $1,000,000.
The big boss wants you to advise on which of these three solutions to buy:
I. We could do nothing and accept the problem.
II. A nice IBM firewall costs a huge $50,000 per year. It claims to prevent all script kiddie hackers and 95% of expert hackers.
III. A cheap Microsoft firewall costs only $8,000 per year. It claims to prevent 90% of script kiddie hackers and 50% of expert hackers.
The big boss wants you to advise which to choose. Feel free to use a spreadsheet or calculator or whatever you find the most convenient to answer these questions:
· Calculate the annualized loss expectancy (ALE) for the three kinds of hacker attacks. What is the total annual loss expectancy? (5 marks)
· For the three possible solutions, calculate the total annualized loss expectancy (ALE) if that solution was used? (12 marks)
· Calculate the cost-benefit of the three different solutions (6 marks)
· If the boss asks, is there a large difference between the solutions (are two solutions about the same), or is there a clear winner? (1 mark)
· A magazine article claims that the IBM firewall doesn’t stop 95% of expert hackers, it only stops 90% of expert hackers. Would this small difference cause you to change your advice? (2 marks)
· The Microsoft salesperson offers to reduce the price from $8,000 per year, to completely free. Would free software change your advice? (2 marks)