Cost-Benefit Analysis

/in /by

The book outlines the process of completing a cost-benefit analysis. The recorded lecture also shows an example of completing the quantitative part of a CBA (it doesn’t discuss the research part). To help you get started, I’ve provided an Excel spreadsheet as the starting filePreview the document for your CBA.

Here is what you need to do:

  1. Pick a company to conduct the analysis for.
    You will need to pick a company so that you’ll be able to make some realistic assumptions about information technology risks, threats and controls (especially quantitatively). You may pick a company you’re personally familiar with or that you’ve read about in a case in previous weeks. It’s probably not a good idea to pick a large multinational enterprise though. You may need information like number of employees, location (in case of natural disaster threats),annual revenue/profit, etc.
  2. Select (at least) 5 information assets (hardware, software, data, procedures, people) that are important for your selected company to perform business operations.
    Assign a dollar value to each asset. Use any method discussed in the text, but be consistent for all three assets.
  3. Select (at least) 5 security threats.
    Ideally, pick threats from some different threat categories. The threats you pick must have vulnerabilities that would impact the asset (i.e. T1V1A1 should exist).

You would really need to complete a TVA worksheet here. However, you can just “guesstimate” what you feel are the top 5+ assets and top 5+ threats to this company.

  1. Research the annual rate of occurrence of these threats for your business.
    You will need to make a number of assumptions. That’s fine, but be sure they are somehow supported by fact. Find and reference some information that supports your assumptions.
  2. Research the loss expectancy of incidents.
  3. Research controls that can help mitigate those risks.
    Select at least 2 for each threat. Calculate (again supported by fact) the annualized cost of those controls as it would apply to your firm.
  4. Complete the CBA worksheet (using Excel formulas for anything that’s calculated)
  5. Write up (a few paragraphs should be sufficient) a brief analysis of each control. Does it make sense to implement it?Why or why not?

Submit (attach multiple files to a single submission – please don’t zip or do multiple submissions):

  • The completed CBA Excel spreadsheet
  • The Word document with your analysis and your references.

You will be graded on

  • Analysis
  • Excel formulas
  • Correctness of the CBA
  • Appropriateness of the assumptions

I cannot stress this enough: please stick to IT assets and threats to compromise of C-I-A. I don’t want to read about kitchen equipment, personnel turnover rate, etc. While all these things are important, this is an information security course.

 
Do you need a similar assignment done for you from scratch? We have qualified writers to help you. We assure you an A+ quality paper that is free from plagiarism. Order now for an Amazing Discount!
Use Discount Code "Newclient" for a 15% Discount!

NB: We do not resell papers. Upon ordering, we do an original paper exclusively for you.