MISC 372 M2: Homework Assignment
1. Go to http://www.cybercrime.gov. Go to the section on computer crimes press release. Select one of the cases randomly. Describe the type of attacker and the type of attack(s), according to the categories that are defined as in the textbook According to the 16-count indictment and a related criminal complaint, Blalock and Bush allegedly recruited women to steal personal information, such as social security numbers, addresses, and dates of birth, from their employers, which included a local dental practice, insurer, and rental car company. Over 600 potential victims have been identified. Members of the ring are alleged to have used the stolen identity information to manufacture fraudulent identification documents bearing their photographs and victims’ personal information, and would then use those fraudulent identification documents and victims’ social security numbers to open credit lines under victims’ names. Through this scheme, members of the ring were able to obtain merchandise from various retailers.
2. Suppose that an attack would do $100,000 in damage and has a 15 percent annual probability of success. Spending $9,000 per year on “Measure A” would cut the annual probability of success by 75 percent. Do a risk analysis comparing benefits and costs. Show your work clearly. Should the company spend the money? Explain. [110]
A: It’s a good idea to invest in the additional security. The net annual probable outlay decreases from $15,00 to $12,00.The annual value of countermeasure is $2,250. This shows that investing in countermeasure A is more economically rational than forgoing the added security benefits
Countermeasure
None
A
Damage per successful attack
$100,000
$100,000
Annual probability of successful attack
15%
3.75%
Annual probable damage
$15,000
$3,750
Annual cost of countermeasure
$0
$9,000
Net annual probable outlay
$15,000
$12,750
Annual value of countermeasure
$0
$2,250
3. Do another risk analysis