Problem :
Intrusion Detection (a). Suppose you have been hired as the security manager at XYZ company.
Your boss asks you to determine the number of erroneous login attempts that should be allowed before a user's account is locked.
She is concerned that too many employees are being locked out of their accounts unnecessarily, but is equally concerned that attackers may be able to guess passwords.
How would you determine an appropriate value for the threshold?