- •Table of contents
- •Executive Summary
- •Recommendations
- •Operational Environment and System Configuration
- •The Risk Assessment Team
- •Organization Details of SpecOrg
- •Physical Plant and Physical Security
- •System Configuration
- •Terms and Definitions
- •Risk Analysis Methodology
- •RiskWatch Parameters and Data Analysis
- •Executive Summary Scope
- •Risk Analysis Steps
- •Key Risk Analysis Report Findings
- •Summary of asset categories
- •Assets within category
- •Direct, Personnel
- •Dollars
- •Safeguard: Physical Access Control
- •Safeguard: Classification Markings
- •Safeguard: Data Encryption
- •Safeguard: Life Cycle Management
- •Safeguard: Personnel Clearances
- •Safeguard: Quality Assurance
- •Safeguard: Security Policy
- •Recommendations
- •Physical Access Control
- •Application Controls
- •Classification Markings
- •Contract Specifications
- •Data Encryption
- •Detection System
- •Life Cycle Management
- •Passwords/Authenticaion
- •Personnel Clearances
- •Personnel Control
- •Quality Assurance
- •Risk Analysis
- •Security Policy
- •Return On Invest ment(roi). Calculated in order of the 10 highest roIs.
- •5.1 Summary of safeguards
- •Initial costs
Recommendations
[[[One hundred seventy]]] vulnerabilities were identified which, if not corrected, could result in considerable loss to SpecOrg.
Immediate steps which can be taken are:
[[[
Correct the fire detection and control vulnerabilities identified during the walk-through.
Publish and disseminate SpecOrg Disaster Recovery Plan.
Develop a system-generated cover page for and improve the control of sensitive output listings.
Review the security of terminals at the Parkview Building.
Test the adequacy of current system software and user file backups.
Remind users of the importance of backing up tape files.
Provide additional training on and enforce existing security policies and procedures.
Publish and disseminate an SpecOrg-wide policy on the handling of sensitive documents and develop a uniform cover sheet for these documents.
Review SpecOrg staffing and separation of duties.
SpecOrg System Security Officer, in coordination with SpecOrg management, should develop a Risk Management Plan to address the implementation of the safeguards with the greatest return on investment.
]]]
[[[
Twelve major safeguards (see CHAPTER IX., Applicable Safeguard Cost Benefit
Analysis Summary Table) were recommended which, if implemented, would substantially reduce losses if these threats occurred or prevent the threats from occurring altogether.
SpecOrg System Security Officer should develop a Risk Management Plan in cooperation with SpecOrg management, who will make the final decision as to the selection of applicable safeguards. The Plan will identify the specific steps required to implement the selected safeguards and recommend to SpecOrg management the priority for safeguard implementation.
]]]
5.2 FULL SAFEGUARD REPORT
This report contains information about each safeguard, including a cost benefit analysis.
Physical Access Control
Lifetime: 3 Implementation Cost: $2,000,000. Annual Maintenance Cost: $500,000.
-
Year
Benefits
Costs
Disc. Ben(0.1)
Disc. Cost(0.1)
DB-DC(0.1)
1
$35,824.
$2,000,000.
$32,567.
$1,818,181.
$-1,785,614.
2
$35,824.
$500,000.
$29,606.
$413,223.
$-383,616.
3
$35,824.
$500,000.
$26,915.
$375,657.
$-348,742.
Sum of discounted benefits (0.05): $97,557. Sum of discounted benefits (0.1): $89,088. Sum of discounted benefits (0.15): $81,793. Sum of discounted costs (0.05): $2,790,193. Sum of discounted costs (0.1): $2,607,061. Sum of discounted costs (0.15): $2,445,959. Benefit Cost Ratio (0.05): 0.03
Benefit Cost Ratio (0.1): 0.03
Benefit Cost Ratio (0.15): 0.03
Return On Investment (0.05): 0.01
Return On Investment (0.1): 0.01
Return On Investment (0.15): 0.01
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0