a. Use the following facts to assess the time-based model of security for the ABC Company; how well does the existing system protect ABC? Assume that the best-, average-, and worst-case estimates are independent for each component of the model.

• Estimated time that existing controls will protect the system from attack 5 15 minutes (worst case), 20 minutes (average case), and 25 minutes (best case)

• Estimated time to detect that an attack is happening 5 5 minutes (best case), 8 minutes (average case) and 10 minutes (worst case)

• Estimated time to respond to an attack once it has been detected 5 6 minutes

(best case), 14 minutes (average case), and 20 minutes (worst case)

b. The company is considering investing up to an additional $100,000 to improve its security. Given the following possibilities, which single investment would you recommend?

Which combination of investments would you recommend? Explain your answer.

• An investment of $75,000 would change the estimates for protection time to 19 minutes (worst case), 23 minutes (average case), and 30 minutes (best case).

• An investment of $75,000 would change the estimates for detection time to 2 minutes (best case), 4 minutes (average case), and 7 minutes (worst case).

• An investment of $75,000 would change the estimates for response time to 3 minutes (best case), 6 minutes (average case), and 10 minutes (worst case).

• An investment of $25,000 would change the estimates for protection time to 17 minutes (worst case), 22 minutes (average case), and 28 minutes (best case).

• An investment of $25,000 would change the estimates of detection time to 4 minutes (best case), 7 minutes (average case) and 9 minutes (worst case).

• An investment of $25,000 would change the estimates for response time to 4 minutes (best case), 9 minutes (average case), and 12 minutes (worst case).