Q7: If there is a Secondary Loss, please use the table below to record the secondary loss event frequency? (7 Pts) Good Luck J Page 5 of 6 min MI max Confidenc Secondary Loss event frequency e Incident Response - In the event of a breach, a team of 4-7 people would be deployed for 8-15 hours at a loaded hourly wage of $100/hr. - Industry data shows that companies typically do not discover data breaches for months after the event. Given this, Innova Tech would likely continue to operate the website during the investigation. - In the event of a data breach, a third-party forensic team would be hired to investigate how much data was stolen and how it was taken. Investigations of this scale cost an average of $200,000. After the breach, a training and awareness session has to be sent to employees who are victims of the email phishing attack. Usually, an external security consultant provides a one-day session that cost about 1500$. After the incident, notifying impacted customers will cost around $5 per customer. Notified customers are expected to contact the call center to demand more information about the breach, and each call cost about 2$. - After the incident, notifying the regulator will cost around 1000$ for the whole incident Regulatory Compliance - Industry data shows that over the past 3 years, fines related to a breach of over 500,000 customer records have ranged from $150,000 to $500,000. Industry data shows that courts and regulators have rarely held companies accountable for fraudulent credit card charges that occur after a data breach. EMCS KAU Q7: If there is a Secondary Loss, please use the table below to record the secondary loss event frequency? (7 Pts) Good Luck J Page 5 of 6 min MI max Confidenc Secondary Loss event frequency e Incident Response - In the event of a breach, a team of 4-7 people would be deployed for 8-15 hours at a loaded hourly wage of $100/hr. - Industry data shows that companies typically do not discover data breaches for months after the event. Given this, Innova Tech would likely continue to operate the website during the investigation. - In the event of a data breach, a third-party forensic team would be hired to investigate how much data was stolen and how it was taken. Investigations of this scale cost an average of $200,000. After the breach, a training and awareness session has to be sent to employees who are victims of the email phishing attack. Usually, an external security consultant provides a one-day session that cost about 1500$. After the incident, notifying impacted customers will cost around $5 per customer. Notified customers are expected to contact the call center to demand more information about the breach, and each call cost about 2$. - After the incident, notifying the regulator will cost around 1000$ for the whole incident Regulatory Compliance - Industry data shows that over the past 3 years, fines related to a breach of over 500,000 customer records have ranged from $150,000 to $500,000. Industry data shows that courts and regulators have rarely held companies accountable for fraudulent credit card charges that occur after a data breach. EMCS KAU