Suppose a department has determined that some users have gained unauthorized access to the computing system. Managers fear the intruders might intercept or even modify sensitive data on the system. Cost to reconstruct correct data is expected to be $2,000,000 with 5% likelihood per year.
One approach to addressing this problem is to install a more secure data access control problem. The cost of access control software is is $50,000 with 80% effectiveness. Here is the summary of risk and control:
Cost to reconstruct correct data = $2,000,000 with 5% likelihood per year
Effectiveness of access control software: 80%
Cost of access control software: $50,000
Determine the expected annual costs due to loss and controls. Also, determine whether the costs outweigh the benefits of preventing or mitigating the risks.