Reommendations |
1 |
II.Recommendations
[[[One hundred seventy]]] vulnerabilities were identified which, if not corrected, could result in considerable loss to SpecOrg.
Immediate steps which can be taken are:
[[[
•Correct the fire detection and control vulnerabilities identified during the walk-through.
•Publish and disseminate SpecOrg Disaster Recovery Plan.
•Develop a system-generated cover page for and improve the control of sensitive output listings.
•Review the security of terminals at the Parkview Building.
•Test the adequacy of current system software and user file backups.
•Remind users of the importance of backing up tape files.
•Provide additional training on and enforce existing security policies and procedures.
•Publish and disseminate an SpecOrg-wide policy on the handling of sensitive documents and develop a uniform cover sheet for these documents.
•Review SpecOrg staffing and separation of duties.
•SpecOrg System Security Officer, in coordination with SpecOrg management, should develop a Risk Management Plan to address the implementation of the safeguards with the greatest return on investment.
]]]
[[[
Twelve major safeguards (see CHAPTER IX., Applicable Safeguard Cost Benefit Analysis Summary Table) were recommended which, if implemented, would substantially reduce losses if these threats occurred or prevent the threats from occurring altogether.
SpecOrg System Security Officer should develop a Risk Management Plan in cooperation with SpecOrg management, who will make the final decision as to the selection of applicable safeguards. The Plan will identify the specific steps required to implement the selected safeguards and recommend to SpecOrg management the priority for safeguard implementation.
]]]
Safeguard Report |
1 |
5.2 FULL SAFEGUARD REPORT
This report contains information about each safeguard, including a cost benefit analysis.
5.2.1Physical Access Control
Lifetime: 3 Implementation Cost: $2,000,000. Annual Maintenance Cost: $500,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$35,824. |
$2,000,000. |
$32,567. |
$1,818,181. |
$-1,785,614. |
2 |
$35,824. |
$500,000. |
$29,606. |
$413,223. |
$-383,616. |
3 |
$35,824. |
$500,000. |
$26,915. |
$375,657. |
$-348,742. |
Sum of discounted benefits (0.05): $97,557.
Sum of discounted benefits (0.1): $89,088.
Sum of discounted benefits (0.15): $81,793.
Sum of discounted costs (0.05): $2,790,193.
Sum of discounted costs (0.1): $2,607,061.
Sum of discounted costs (0.15): $2,445,959.
Benefit Cost Ratio (0.05): 0.03
Benefit Cost Ratio (0.1): 0.03
Benefit Cost Ratio (0.15): 0.03
Return On Investment (0.05): 0.01
Return On Investment (0.1): 0.01
Return On Investment (0.15): 0.01
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.2Application Controls
Lifetime: 3 Implementation Cost: $50,000. Annual Maintenance Cost: $50,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$505,503. |
$50,000. |
$459,547. |
$45,454. |
$414,093. |
2 |
$505,503. |
$50,000. |
$417,770. |
$41,322. |
$376,448. |
3 |
$505,503. |
$50,000. |
$379,791. |
$37,565. |
$342,225. |
Sum of discounted benefits (0.05): $1,376,608.
Sum of discounted benefits (0.1): $1,257,108.
Sum of discounted benefits (0.15): $1,154,175.
Sum of discounted costs (0.05): $136,161.
Sum of discounted costs (0.1): $124,341.
Sum of discounted costs (0.15): $114,160.
Benefit Cost Ratio (0.05): 10.11
Benefit Cost Ratio (0.1): 10.11
Benefit Cost Ratio (0.15): 10.11
Return On Investment (0.05): 3.37
Return On Investment (0.1): 3.37
Return On Investment (0.15): 3.37
Payback period (0.05): 1
Payback period (0.1): 1
Payback period (0.15): 1
5.2.3Classification Markings
Lifetime: 3 Implementation Cost: $500,000. Annual Maintenance Cost: $50,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$2,354. |
$500,000. |
$2,140. |
$454,545. |
$-452,405. |
2 |
$2,354. |
$50,000. |
$1,945. |
$41,322. |
$-39,376. |
3 |
$2,354. |
$50,000. |
$1,768. |
$37,565. |
$-35,796. |
Sum of discounted benefits (0.05): $6,410.
Sum of discounted benefits (0.1): $5,853.
Sum of discounted benefits (0.15): $5,375.
Sum of discounted costs (0.05): $564,732.
Sum of discounted costs (0.1): $533,432.
Sum of discounted costs (0.15): $505,464.
Safeguard Report |
2 |
Benefit Cost Ratio (0.05): 0.01
Benefit Cost Ratio (0.1): 0.01
Benefit Cost Ratio (0.15): 0.01
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.4Contract Specifications
Lifetime: 1 Implementation Cost: $50,000. Annual Maintenance Cost: $100,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$0. |
$50,000. |
$0. |
$45,454. |
$-45,454. |
Sum of discounted benefits (0.05): $0.
Sum of discounted benefits (0.1): $0.
Sum of discounted benefits (0.15): $0.
Sum of discounted costs (0.05): $47,619.
Sum of discounted costs (0.1): $45,454.
Sum of discounted costs (0.15): $43,478.
Benefit Cost Ratio (0.05): 0.00
Benefit Cost Ratio (0.1): 0.00
Benefit Cost Ratio (0.15): 0.00
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.5Data Encryption
Lifetime: 5 Implementation Cost: $500,000. Annual Maintenance Cost: $500,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$2,545,362. |
$500,000. |
$2,313,965. |
$454,545. |
$1,859,420. |
2 |
$2,545,362. |
$500,000. |
$2,103,605. |
$413,223. |
$1,690,381. |
3 |
$2,545,362. |
$500,000. |
$1,912,368. |
$375,657. |
$1,536,710. |
4 |
$2,545,362. |
$500,000. |
$1,738,516. |
$341,506. |
$1,397,009. |
5 |
$2,545,362. |
$500,000. |
$1,580,469. |
$310,460. |
$1,270,009. |
Sum of discounted benefits (0.05): $11,020,083.
Sum of discounted benefits (0.1): $9,648,923.
Sum of discounted benefits (0.15): $8,532,446.
Sum of discounted costs (0.05): $2,164,736.
Sum of discounted costs (0.1): $1,895,391.
Sum of discounted costs (0.15): $1,676,075.
Benefit Cost Ratio (0.05): 5.09
Benefit Cost Ratio (0.1): 5.09
Benefit Cost Ratio (0.15): 5.09
Return On Investment (0.05): 1.02
Return On Investment (0.1): 1.02
Return On Investment (0.15): 1.02
Payback period (0.05): 1
Payback period (0.1): 1
Payback period (0.15): 1
5.2.6Detection System
Lifetime: 3 Implementation Cost: $1,000,000. Annual Maintenance Cost: $200,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$14,442. |
$1,000,000. |
$13,129. |
$909,090. |
$-895,961. |
2 |
$14,442. |
$200,000. |
$11,935. |
$165,289. |
$-153,353. |
3 |
$14,442. |
$200,000. |
$10,850. |
$150,262. |
$-139,412. |
Safeguard Report |
3 |
Sum of discounted benefits (0.05): $39,328.
Sum of discounted benefits (0.1): $35,914.
Sum of discounted benefits (0.15): $32,974.
Sum of discounted costs (0.05): $1,306,552.
Sum of discounted costs (0.1): $1,224,641.
Sum of discounted costs (0.15): $1,152,296.
Benefit Cost Ratio (0.05): 0.03
Benefit Cost Ratio (0.1): 0.03
Benefit Cost Ratio (0.15): 0.03
Return On Investment (0.05): 0.01
Return On Investment (0.1): 0.01
Return On Investment (0.15): 0.01
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.7Life Cycle Management
Lifetime: 1 |
Implementation Cost: $200,000. |
Annual Maintenance Cost: $0. |
|
||
|
|
|
|
|
|
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$347. |
$200,000. |
$315. |
$181,818. |
$-181,502. |
Sum of discounted benefits (0.05): $330.
Sum of discounted benefits (0.1): $315.
Sum of discounted benefits (0.15): $301.
Sum of discounted costs (0.05): $190,476.
Sum of discounted costs (0.1): $181,818.
Sum of discounted costs (0.15): $173,913.
Benefit Cost Ratio (0.05): 0.00
Benefit Cost Ratio (0.1): 0.00
Benefit Cost Ratio (0.15): 0.00
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.8Passwords/Authenticaion
Lifetime: 5 Implementation Cost: $40,000. Annual Maintenance Cost: $200,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$73. |
$40,000. |
$66. |
$36,363. |
$-36,297. |
2 |
$73. |
$200,000. |
$60. |
$165,289. |
$-165,228. |
3 |
$73. |
$200,000. |
$54. |
$150,262. |
$-150,208. |
4 |
$73. |
$200,000. |
$49. |
$136,602. |
$-136,552. |
5 |
$73. |
$200,000. |
$45. |
$124,184. |
$-124,138. |
Sum of discounted benefits (0.05): $313.
Sum of discounted benefits (0.1): $274.
Sum of discounted benefits (0.15): $242.
Sum of discounted costs (0.05): $713,512.
Sum of discounted costs (0.1): $612,700.
Sum of discounted costs (0.15): $531,298.
Benefit Cost Ratio (0.05): 0.00
Benefit Cost Ratio (0.1): 0.00
Benefit Cost Ratio (0.15): 0.00
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.9Personnel Clearances
Safeguard Report |
|
|
|
4 |
|
Lifetime: 1 |
Implementation Cost: $50,000. |
Annual Maintenance Cost: $100,000. |
|
||
|
|
|
|
|
|
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$8,730. |
$50,000. |
$7,936. |
$45,454. |
$-37,518. |
Sum of discounted benefits (0.05): $8,314.
Sum of discounted benefits (0.1): $7,936.
Sum of discounted benefits (0.15): $7,591.
Sum of discounted costs (0.05): $47,619.
Sum of discounted costs (0.1): $45,454.
Sum of discounted costs (0.15): $43,478.
Benefit Cost Ratio (0.05): 0.17
Benefit Cost Ratio (0.1): 0.17
Benefit Cost Ratio (0.15): 0.17
Return On Investment (0.05): 0.17
Return On Investment (0.1): 0.17
Return On Investment (0.15): 0.17
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.10Personnel Control
Lifetime: 3 Implementation Cost: $200,000. Annual Maintenance Cost: $100,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$85. |
$200,000. |
$77. |
$181,818. |
$-181,740. |
2 |
$85. |
$100,000. |
$70. |
$82,644. |
$-82,574. |
3 |
$85. |
$100,000. |
$63. |
$75,131. |
$-75,067. |
Sum of discounted benefits (0.05): $230.
Sum of discounted benefits (0.1): $210.
Sum of discounted benefits (0.15): $192.
Sum of discounted costs (0.05): $367,561.
Sum of discounted costs (0.1): $339,593.
Sum of discounted costs (0.15): $315,278.
Benefit Cost Ratio (0.05): 0.00
Benefit Cost Ratio (0.1): 0.00
Benefit Cost Ratio (0.15): 0.00
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.11Quality Assurance
Lifetime: 5 Implementation Cost: $400,000. Annual Maintenance Cost: $300,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$5,959. |
$400,000. |
$5,416. |
$363,636. |
$-358,219. |
2 |
$5,959. |
$300,000. |
$4,924. |
$247,933. |
$-243,009. |
3 |
$5,959. |
$300,000. |
$4,476. |
$225,394. |
$-220,917. |
4 |
$5,959. |
$300,000. |
$4,069. |
$204,904. |
$-200,834. |
5 |
$5,959. |
$300,000. |
$3,699. |
$186,276. |
$-182,576. |
Sum of discounted benefits (0.05): $25,795.
Sum of discounted benefits (0.1): $22,584.
Sum of discounted benefits (0.15): $19,971.
Sum of discounted costs (0.05): $1,394,078.
Sum of discounted costs (0.1): $1,228,143.
Sum of discounted costs (0.15): $1,092,601.
Benefit Cost Ratio (0.05): 0.02
Benefit Cost Ratio (0.1): 0.02
Benefit Cost Ratio (0.15): 0.02
Return On Investment (0.05): 0.00
Return On Investment (0.1): 0.00
Return On Investment (0.15): 0.00
Safeguard Report |
5 |
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.12Risk Analysis
Lifetime: 3 Implementation Cost: $100,000. Annual Maintenance Cost: $30,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$10,693. |
$100,000. |
$9,720. |
$90,909. |
$-81,188. |
2 |
$10,693. |
$30,000. |
$8,836. |
$24,793. |
$-15,956. |
3 |
$10,693. |
$30,000. |
$8,033. |
$22,539. |
$-14,505. |
Sum of discounted benefits (0.05): $29,117.
Sum of discounted benefits (0.1): $26,589.
Sum of discounted benefits (0.15): $24,412.
Sum of discounted costs (0.05): $148,363.
Sum of discounted costs (0.1): $138,241.
Sum of discounted costs (0.15): $129,365.
Benefit Cost Ratio (0.05): 0.20
Benefit Cost Ratio (0.1): 0.19
Benefit Cost Ratio (0.15): 0.19
Return On Investment (0.05): 0.07
Return On Investment (0.1): 0.06
Return On Investment (0.15): 0.06
Payback period (0.05): 0
Payback period (0.1): 0
Payback period (0.15): 0
5.2.13Security Policy
Lifetime: 3 Implementation Cost: $70,000. Annual Maintenance Cost: $40,000.
Year |
Benefits |
Costs |
Disc. Ben(0.1) |
Disc. Cost(0.1) |
DB-DC(0.1) |
1 |
$267,409. |
$70,000. |
$243,099. |
$63,636. |
$179,462. |
2 |
$267,409. |
$40,000. |
$220,999. |
$33,057. |
$187,941. |
3 |
$267,409. |
$40,000. |
$200,908. |
$30,052. |
$170,855. |
Sum of discounted benefits (0.05): $728,219.
Sum of discounted benefits (0.1): $665,006.
Sum of discounted benefits (0.15): $610,553.
Sum of discounted costs (0.05): $137,500.
Sum of discounted costs (0.1): $126,745.
Sum of discounted costs (0.15): $117,414.
Benefit Cost Ratio (0.05): 5.30
Benefit Cost Ratio (0.1): 5.25
Benefit Cost Ratio (0.15): 5.20
Return On Investment (0.05): 1.77
Return On Investment (0.1): 1.75
Return On Investment (0.15): 1.73
Payback period (0.05): 1
Payback period (0.1): 1
Payback period (0.15): 1
Here is a summary of the Return on Investment (R.O.I) for each safeguard.
Safeguard |
ROI(10%) |
Percentage of Total |
Application Controls |
3.37 |
52.6% |
Security Policy |
1.75 |
27.3% |
Data Encryption |
1.02 |
15.9% |
Personnel Clearances |
0.17 |
2.7% |
Risk Analysis |
0.06 |
1.0% |
Physical Access Control |
0.01 |
0.2% |
Detection System |
0.01 |
0.2% |
Quality Assurance |
0.00 |
0.1% |
Classification Markings |
0.00 |
0.1% |
Life Cycle Management |
0.00 |
0.0% |
Personnel Control |
0.00 |
0.0% |
Passwords/Authenticaion |
0.00 |
0.0% |
Safeguard Report |
6 |
Contract Specifications |
0.00 |
0.0% |
ROI
3
Application Cont rols
1
Security Policy
1
Data Encryption
1 |
2 |
3 |
Return On Invest ment(ROI). Calculated in order of the 10 highest ROIs.
Cost Benefit Report |
1 |
CHAPTER 5. SAFEGUARDS
The analysis recommends a total of [[[ thirty-six (36) ]]] safeguards out of a possible 42 for use (at the AIS).
Figures 16 through 18 reflect the total cost of each safeguard for the life cycle of the safeguard.
It is generally taken that safeguards can fall into three categories:
(1)those that prevent incidents;
(2)those that permit the timely detection of incidents that have not been detected;
(3)those that aid in the recovery process after an incident has occurred.
The goal of a safeguard is to reduce the Annual Loss Expectancy (ALE) of one or more incidents, thereby reducing the overall ALE for the enterprise. This reduction is calculated by noticing that various safeguards impact the overall system in different ways. Three different forms of impact have been noted:
(1)the reduction in certain evaluative parameters for assets (for example the (recovery) safeguard of Insurance can reduce the Replacement Cost of all assets covered by the insurance);
(2)the reduction in the level of vulnerability in certain areas (for example the (preventative) safeguard of Data Encryption) can significantly reduce the vulnerability called Disclosure (or Data Disclosure); the (detective) safeguard of Monitor System can act to lessen the difficulty that can arise from the slowly degrading Reliability of hardware components);
(3)the reduction in the frequency of a threat (or threat event) (for example, the safeguard called Training is expected to reduce the frequency of the threat of Errors).
Not only is a safeguard intended to reduce ALE, but it must do it in a cost-effect way. RiskWatch II for Windows considers all possible safeguards and their impact on the overall system. For each, in turn, a full Cost-Benefit Analysis (CBA) is performed.
This analysis uses the reduction in ALE, expected annually, as the benefit and the initial and maintenance costs over the lifetime of the safeguard, and considers three different possible discount rates of 5, 10 and 15% to permit the calculation of the net present value of all projected figures.
In the tables below, three figures, one for each discount rate, are provided, for each safeguard,
(1)the ratio of Total Benefits over Total Costs;
(2)the annualized Rate of Return on Investment obtained by dividing this ratio by the number of years
involved;
(3) the Pay-back Period - the year in which accumulating benefits overtake the (initially greater) accumulating costs.
The degree to which each safeguard may already be implemented can be derived from the responses to the questions, in each area of vulnerability, that pertain to a particular safeguard.
5.1SUMMARY OF SAFEGUARDS
The tables below show information about each of the safeguards considered by RiskWatch. It is sorted on the basis of the annualized Rate of Return on Investment (ROI) using Discount Rate of 10%.
The twelve numeric columns are, respectively,
1.the lifetime of the safeguard in years (Lifetime)
2.the initial cost (Initial Cost)
3.the annual maintenance cost (Maint. Cost)
4.the Basic Ratio of Total Benefits to Total Costs for Discount Rate 5% (B/C-5%)
5.the Annualized ROI with Discount Rate 5% (RoI-5%)
6.the Pay-back Period with Discount Rate 5% (PP-5%)
7.the Basic Ratio of Total Benefits to Total Costs for Discount Rate 10% (B/C-10%)
8.the Annualized ROI with Discount Rate 10% (RoI-10%)
9.the Pay-back Period with Discount Rate 10% (PP-10%)
10.the Basic Ratio of Total Benefits to Total Costs for Discount Rate 15% (B/C-15%)
11.the Annualized ROI with Discount Rate 15% (RoI-15%)
12.the Pay-back Period with Discount Rate 15% (PP-15%).
Safeguards |
Lifetime |
Initial Cost |
Maint. Cost |
Application Controls |
3 |
$50,000. |
$50,000. |
Security Policy |
3 |
$70,000. |
$40,000. |
Data Encryption |
5 |
$500,000. |
$500,000. |
Personnel Clearances |
1 |
$50,000. |
$100,000. |
Risk Analysis |
3 |
$100,000. |
$30,000. |
Physical Access Control |
3 |
$2,000,000. |
$500,000. |
Detection System |
3 |
$1,000,000. |
$200,000. |
Quality Assurance |
5 |
$400,000. |
$300,000. |
Classification Markings |
3 |
$500,000. |
$50,000. |
Life Cycle Management |
1 |
$200,000. |
$0. |
Personnel Control |
3 |
$200,000. |
$100,000. |
Passwords/Authenticaion |
5 |
$40,000. |
$200,000. |
Contract Specifications |
1 |
$50,000. |
$100,000. |
Cost Benefit Report |
|
|
2 |
|
|
|
|
Safeguards |
B/C-5% |
ROI-5% |
PP-5% |
Application Controls |
10.11 |
3.37 |
1 |
Security Policy |
5.30 |
1.77 |
1 |
Data Encryption |
5.09 |
1.02 |
1 |
Personnel Clearances |
0.17 |
0.17 |
0 |
Risk Analysis |
0.20 |
0.07 |
0 |
Physical Access Control |
0.03 |
0.01 |
0 |
Detection System |
0.03 |
0.01 |
0 |
Quality Assurance |
0.02 |
0.00 |
0 |
Classification Markings |
0.01 |
0.00 |
0 |
Life Cycle Management |
0.00 |
0.00 |
0 |
Personnel Control |
0.00 |
0.00 |
0 |
Passwords/Authenticaion |
0.00 |
0.00 |
0 |
Contract Specifications |
0.00 |
0.00 |
0 |
|
|
|
|
Safeguards |
B/C-10% |
ROI-10% |
PP-10% |
Application Controls |
10.11 |
3.37 |
1 |
Security Policy |
5.25 |
1.75 |
1 |
Data Encryption |
5.09 |
1.02 |
1 |
Personnel Clearances |
0.17 |
0.17 |
0 |
Risk Analysis |
0.19 |
0.06 |
0 |
Physical Access Control |
0.03 |
0.01 |
0 |
Detection System |
0.03 |
0.01 |
0 |
Quality Assurance |
0.02 |
0.00 |
0 |
Classification Markings |
0.01 |
0.00 |
0 |
Life Cycle Management |
0.00 |
0.00 |
0 |
Personnel Control |
0.00 |
0.00 |
0 |
Passwords/Authenticaion |
0.00 |
0.00 |
0 |
Contract Specifications |
0.00 |
0.00 |
0 |
|
|
|
|
Safeguards |
B/C-15% |
ROI-15% |
PP-15% |
Application Controls |
10.11 |
3.37 |
1 |
Security Policy |
5.20 |
1.73 |
1 |
Data Encryption |
5.09 |
1.02 |
1 |
Personnel Clearances |
0.17 |
0.17 |
0 |
Risk Analysis |
0.19 |
0.06 |
0 |
Physical Access Control |
0.03 |
0.01 |
0 |
Detection System |
0.03 |
0.01 |
0 |
Quality Assurance |
0.02 |
0.00 |
0 |
Classification Markings |
0.01 |
0.00 |
0 |
Life Cycle Management |
0.00 |
0.00 |
0 |
Personnel Control |
0.00 |
0.00 |
0 |
Passwords/Authenticaion |
0.00 |
0.00 |
0 |
Contract Specifications |
0.00 |
0.00 |
0 |
The following table shows the safeguards with the 10 greatest Return on Investment (ROI-10%). Also shown are the Initial and Maintenance Costs of those safeguards. Following the table are barcharts and piecharts of the costs.
Safeguards |
ROI-10% |
Initial Cost |
Maint. Cost |
Application Controls |
3.37 |
$50,000. |
$50,000. |
Security Policy |
1.75 |
$70,000. |
$40,000. |
Data Encryption |
1.02 |
$500,000. |
$500,000. |
Personnel Clearances |
0.17 |
$50,000. |
$100,000. |
Risk Analysis |
0.06 |
$100,000. |
$30,000. |
Physical Access Control |
0.01 |
$2,000,000. |
$500,000. |
Detection System |
0.01 |
$1,000,000. |
$200,000. |
Quality Assurance |
0.00 |
$400,000. |
$300,000. |
Classification Markings |
0.00 |
$500,000. |
$50,000. |
Life Cycle Management |
0.00 |
$200,000. |
$0. |
INITIAL COSTS
Cost Benefit Report |
3 |
2,000,000
Physical Access Control
1,000,000
Detection Syst em
500,000
Data Encryption
500,000
Classification Markings
400,000
Quality Assurance
200,000
Life Cycle Management
100,000
Risk Analysis
25 |
50 |
75 |
100 |
125 |
150 |
175 |
200 (x 10 ,000 ) |
|
|
|
|
Dollars |
|
|
|
70,000
Security Policy
50,000
Application Cont rols
50,000
Personnel Clearances
5 10 15 20 25 30 35 40 45 50 55 60 65 70 (x1,000)
Dollars
Physical Access Control (41.1%)
Personnel Clearances (1.0%) Application Cont rols (1.0%) Security Policy (1.4%)
Risk Analysis (2.1%)
Life Cycle Management (4.1%) Quality Assurance (8.2%) Classification Markings (10.3%)
Data Encryption (10.3%)
Detection System (20.5%)
MAINTENANCE COSTS