QUESTION

# Cost-benefit analysis! Your company's web site is sometimes broken into by hackers, with the following estimates of probabilities and costs: Each day...

1.   Cost-benefit analysis!  Your company's web site is sometimes broken into by hackers, with the following estimates of probabilities and costs:

·        Each day there is a 0.4% chance that a script kiddie will only deface the web site, but cause no other damage. This would cost only \$10,000 in lost sales.

·        Each day there is a 0.2% chance (once every three hundred days) that an expert hacker will delete data and steal customers' credit card numbers, costing \$250,000.

·        Remember how hackers stole all the data from Ashley Madison and killed the company? We estimate that each day there is a 0.02% chance (once in ten thousand days) that an expert hacker will steal all the company's data, costing \$1,000,000.

The big boss wants you to advise on which of these three solutions to buy:

I.       We could do nothing and accept the problem.

II.       A nice IBM firewall costs a huge \$50,000 per year. It claims to prevent all script kiddie hackers and 95% of expert hackers.

III.       A cheap Microsoft firewall costs only \$8,000 per year. It claims to prevent 90% of script kiddie hackers and 50% of expert hackers.

The big boss wants you to advise which to choose. Feel free to use a spreadsheet or calculator or whatever you find the most convenient to answer these questions:

·        Calculate the annualized loss expectancy (ALE) for the three kinds of hacker attacks. What is the total annual loss expectancy? (5 marks)

·        For the three possible solutions, calculate the total annualized loss expectancy (ALE) if that solution was used? (12 marks)

·        Calculate the cost-benefit of the three different solutions (6 marks)

·        If the boss asks, is there a large difference between the solutions (are two solutions about the same), or is there a clear winner? (1 mark)

·        A magazine article claims that the IBM firewall doesn't stop 95% of expert hackers, it only stops 90% of expert hackers.  Would this small difference cause you to change your advice? (2 marks)

·        The Microsoft salesperson offers to reduce the price from \$8,000 per year, to completely free. Would free software change your advice? (2 marks)