120 likes | 253 Views
Risk Analysis and the Security Survey 3rd edition. Chapter 5 Cost / Benefit Analysis. Efficiency versus cost is the first phase of balancing cost/benefit ratio. Consider only solutions responsive to a need or requirement.
E N D
Risk Analysis and the Security Survey 3rd edition Chapter 5 Cost / Benefit Analysis
Efficiency versus cost is the first phase of balancing cost/benefit ratio. Consider only solutions responsive to a need or requirement. Use only tools or techniques that perform the task effectively at the least possible cost. Cost / Benefit AnalysisIntroduction
Elements of a security program are adequate, inadequate, or nonexistent. A good system design consists of: Policy, Procedures, Guidelines Hardware. Manpower. Cost / Benefit AnalysisSystem Design Engineering
Three criteria to select countermeasures: Cost. Reliability. Delay. Cost: Initially concerned with acquisition cost. Consider life cycle cost factors. Consider replacement cost factors. Cost / Benefit AnalysisSystem Design Engineering
Reliability. Critical with hardware and electronic devices. Inspect existing similar installations. Purchase contract clauses. Delay. Time delay to implement. Overlapping countermeasures. Guard costs - 4.2 guards 24 hours, 7 day per week. Cost / Benefit AnalysisSystem Design Engineering
Achieves very high levels of reliability in security programs. Examples of redundancy: Multi-technology sensors. Redundant system monitoring. Back-up telecommunications. Redundant systems. Decreases odds of total system failure. Cost / Benefit AnalysisRedundancy
Increases odds of detection. Makes circumvention difficult. May be necessary to use redundancy to design an adequate system. Cost / Benefit AnalysisRedundancy
The right countermeasure • To control or mitigate a risk • Policies, procedures and guidelines are less expensive than hardware • Hardware is less expensive than manpower
Implementation can be done in phases. Cost out each system in terms of minimum level of security. Add measures to each phase, increasing cost to the project’s countermeasures plan. Phased approach prevents system “overkill”. Cost / Benefit AnalysisA Security Countermeasure
Cost / Benefit AnalysisA Security Countermeasure • Start with the basics – countermeasures that are effective for the least amount of money • Add countermeasures with greater costs when you have the necessary historical data to justify spending
Cost-effective security systems use a combination of manpower and hardware (electronics) to achieve countermeasures balance. Must be cost-effective before ‘sold’ to management. Use competitive bidding with security vendors (inform vendors). Cost / Benefit AnalysisA Security Countermeasure
Cost / Benefit AnalysisA Security Countermeasure • See appendix H – Security Systems Specifications