a .Strathmore University has been suffering from increased security breaches on the Academic Management System and their Infrastructure for the last few years. The security team is considering investing in a Unified Threat Management with User Behavior Analytics and Deep Packet filtering modules. The management, however, cannot invest in the entire solution and needs to acquire one module at a time. The CISO has decided to run some numbers. He estimates that the student AMS valued at $50,000, has been suffering about 20 security incidents per year for the last three years. Each of these incidents cost about 40% of the system’s value in data loss and productivity. The network infrastructure on the other hand is valued at $150,000 and experiences 8 attacks every year costing 48% of the asset value. The UBA module costs $40,000 and is projected to reduce the frequency of the incidents by about 90% while the DPI module reduces the exposure by 75% and costs $50,000.
i. If the data provided is 95% accurate, rank the risk ratings for the two assets
ii. Assuming that both modules are eventually implemented, calculate their return on investment and prioritize the order of implementation of both controls
b .Echo Inc. has been suffering from increased security breaches for the last few years and is considering investing in a user behavior analytics (UBA) solution. However, the executive board is not convinced the investment is worth it. The new CIO has decided to run some numbers. Echo’s CIO estimates that Echo has been suffering about 15 security incidents per year for the last 5 years. These incidents seem to cost about $40,000 in data losses, fines, and productivity. The UBA solution is projected to block about 80% of the attacks and reduce the of occurrence by 80%. However, the cost to acquire and maintain the solution is estimated at $65,000 per year. What is the estimated ROSI if the solution was acquired?
c .In an enterprise data center, a distributed storage system is used to provide real time data storage service to its customers. The scheduled operating time of the service is 24×365 hours, so that the customers can store and retrieve data anytime. The MTBF and MTTR of the storage system are 10090 hours and 25 hours respectively. Last year the storage system failed twice which resulted in a total service downtime of five days.
i. What is the expected availability of the storage system?
ii .What are the expected annual uptime and downtime of the storage system?
iii. What is the achieved availability of the data archiving service in the last year?