The information system of Company ABC is deemed to be 90% reliable. A major threat has been identified with an exposure of $5,000,000. Two control procedures exist to deal with the threat. Implementation of control A would cost $140,000 and reduce the risk to 4%. Implementation of control B would cost $100,000 and reduce the risk to 6%. Implementation of both controls would cost $220,000 and reduce the risk to 2%. Given the data and based solely on an economic analysis of costs and benefits, which control procedure should you choose?

What will be an ideal response?


Estimated value of control A: $5,000,000 * (10% - 4%) = $300,000 (the problem states that control A reduces the risk TO 4%)
Estimated value of control B: $5,000,000 * (10% - 6%) = $200,000 (the problem states that control B reduces the risk TO 6%)
Estimated value of controls A & B: $5,000,000 * (10% - 2%) = $400,000
Net benefit of A (benefit minus cost): $300,000 - $140,000 = $160,000
Net benefit of B (benefit minus cost): $200,000 - $100,000 = $100,000
Net benefit of A & B (benefit minus cost): $400,000 - $220,000 = $180,000
Choose Controls A & B, since implementing both yields the largest net benefit ($180,000).
