1 / 12

Risk Analysis and the Security Survey 3rd edition

Risk Analysis and the Security Survey 3rd edition. Chapter 5 Cost / Benefit Analysis. Efficiency versus cost is the first phase of balancing cost/benefit ratio. Consider only solutions responsive to a need or requirement.

faunus
Download Presentation

Risk Analysis and the Security Survey 3rd edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Risk Analysis and the Security Survey 3rd edition Chapter 5 Cost / Benefit Analysis

  2. Efficiency versus cost is the first phase of balancing cost/benefit ratio. Consider only solutions responsive to a need or requirement. Use only tools or techniques that perform the task effectively at the least possible cost. Cost / Benefit AnalysisIntroduction

  3. Elements of a security program are adequate, inadequate, or nonexistent. A good system design consists of: Policy, Procedures, Guidelines Hardware. Manpower. Cost / Benefit AnalysisSystem Design Engineering

  4. Three criteria to select countermeasures: Cost. Reliability. Delay. Cost: Initially concerned with acquisition cost. Consider life cycle cost factors. Consider replacement cost factors. Cost / Benefit AnalysisSystem Design Engineering

  5. Reliability. Critical with hardware and electronic devices. Inspect existing similar installations. Purchase contract clauses. Delay. Time delay to implement. Overlapping countermeasures. Guard costs - 4.2 guards 24 hours, 7 day per week. Cost / Benefit AnalysisSystem Design Engineering

  6. Achieves very high levels of reliability in security programs. Examples of redundancy: Multi-technology sensors. Redundant system monitoring. Back-up telecommunications. Redundant systems. Decreases odds of total system failure. Cost / Benefit AnalysisRedundancy

  7. Increases odds of detection. Makes circumvention difficult. May be necessary to use redundancy to design an adequate system. Cost / Benefit AnalysisRedundancy

  8. The right countermeasure • To control or mitigate a risk • Policies, procedures and guidelines are less expensive than hardware • Hardware is less expensive than manpower

  9. Implementation can be done in phases. Cost out each system in terms of minimum level of security. Add measures to each phase, increasing cost to the project’s countermeasures plan. Phased approach prevents system “overkill”. Cost / Benefit AnalysisA Security Countermeasure

  10. Cost / Benefit AnalysisA Security Countermeasure • Start with the basics – countermeasures that are effective for the least amount of money • Add countermeasures with greater costs when you have the necessary historical data to justify spending

  11. Cost-effective security systems use a combination of manpower and hardware (electronics) to achieve countermeasures balance. Must be cost-effective before ‘sold’ to management. Use competitive bidding with security vendors (inform vendors). Cost / Benefit AnalysisA Security Countermeasure

  12. Cost / Benefit AnalysisA Security Countermeasure • See appendix H – Security Systems Specifications

More Related