
II. Recommendations
One hundred seventy vulnerabilities were identified which, if not corrected, could result in considerable loss to SpecOrg.
Immediate steps which can be taken are:
- Correct the fire detection and control vulnerabilities identified during the walk-through.
- Publish and disseminate the SpecOrg Disaster Recovery Plan.
- Develop a system-generated cover page for sensitive output listings and improve the control of those listings.
- Review the security of terminals at the Parkview Building.
- Test the adequacy of current system software and user file backups.
- Remind users of the importance of backing up tape files.
- Provide additional training on existing security policies and procedures, and enforce them.
- Publish and disseminate a SpecOrg-wide policy on the handling of sensitive documents and develop a uniform cover sheet for these documents.
- Review SpecOrg staffing and separation of duties.
- The SpecOrg System Security Officer, in coordination with SpecOrg management, should develop a Risk Management Plan to address the implementation of the safeguards with the greatest return on investment.

Twelve major safeguards (see CHAPTER IX., Applicable Safeguard Cost Benefit Analysis Summary Table) were recommended which, if implemented, would substantially reduce losses if these threats occurred or prevent the threats from occurring altogether.

The SpecOrg System Security Officer should develop a Risk Management Plan in cooperation with SpecOrg management, who will make the final decision as to the selection of applicable safeguards. The Plan will identify the specific steps required to implement the selected safeguards and recommend to SpecOrg management the priority for safeguard implementation.

5.2 FULL SAFEGUARD REPORT
This report contains information about each safeguard, including a cost benefit analysis.
5.2.1 Physical Access Control
Lifetime: 3
Implementation Cost: $2,000,000.
Annual Maintenance Cost: $500,000.

| Year | Benefits | Costs | Disc. Ben(0.1) | Disc. Cost(0.1) | DB-DC(0.1) |
|---|---|---|---|---|---|
| 1 | $35,824. | $2,000,000. | $32,567. | $1,818,181. | $-1,785,614. |
| 2 | $35,824. | $500,000. | $29,606. | $413,223. | $-383,616. |
| 3 | $35,824. | $500,000. | $26,915. | $375,657. | $-348,742. |

Sum of discounted benefits (0.05): $97,557.
Sum of discounted benefits (0.1): $89,088.
Sum of discounted benefits (0.15): $81,793.
Sum of discounted costs (0.05): $2,790,193.
Sum of discounted costs (0.1): $2,607,061.
Sum of discounted costs (0.15): $2,445,959.
Benefit Cost Ratio (0.05): 0.03
Benefit Cost Ratio (0.1): 0.03
Benefit Cost Ratio (0.15): 0.03
Return On Investment (0.05): 0.01
Return On Investment (0.1): 0.01
Return On Investment (0.15): 0.01
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0

5.2.2 Application Controls
Lifetime: 3
Implementation Cost: $50,000.
Annual Maintenance Cost: $50,000.

| Year | Benefits | Costs | Disc. Ben(0.1) | Disc. Cost(0.1) | DB-DC(0.1) |
|---|---|---|---|---|---|
| 1 | $505,503. | $50,000. | $459,547. | $45,454. | $414,093. |
| 2 | $505,503. | $50,000. | $417,770. | $41,322. | $376,448. |
| 3 | $505,503. | $50,000. | $379,791. | $37,565. | $342,225. |

Sum of discounted benefits (0.05): $1,376,608.
Sum of discounted benefits (0.1): $1,257,108.
Sum of discounted benefits (0.15): $1,154,175.
Sum of discounted costs (0.05): $136,161.
Sum of discounted costs (0.1): $124,341.
Sum of discounted costs (0.15): $114,160.
Benefit Cost Ratio (0.05): 10.11
Benefit Cost Ratio (0.1): 10.11
Benefit Cost Ratio (0.15): 10.11
Return On Investment (0.05): 3.37
Return On Investment (0.1): 3.37
Return On Investment (0.15): 3.37
Payback period (0.05): 1
Payback period (0.1): 1
Payback period (0.15): 1

5.2.3 Classification Markings
Lifetime: 3
Implementation Cost: $500,000.
Annual Maintenance Cost: $50,000.

| Year | Benefits | Costs | Disc. Ben(0.1) | Disc. Cost(0.1) | DB-DC(0.1) |
|---|---|---|---|---|---|
| 1 | $2,354. | $500,000. | $2,140. | $454,545. | $-452,405. |
| 2 | $2,354. | $50,000. | $1,945. | $41,322. | $-39,376. |
| 3 | $2,354. | $50,000. | $1,768. | $37,565. | $-35,796. |

Sum of discounted benefits (0.05): $6,410.
Sum of discounted benefits (0.1): $5,853.
Sum of discounted benefits (0.15): $5,375.
Sum of discounted costs (0.05): $564,732.
Sum of discounted costs (0.1): $533,432.
Sum of discounted costs (0.15): $505,464.
Benefit Cost Ratio (0.05): 0.01
Benefit Cost Ratio (0.1): 0.01
Benefit Cost Ratio (0.15): 0.01
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0