The value of the data in Shearwater Corporation's customer relationship management database has been valued at $2,000,000.
Question:
The value of the data in Shearwater Corporation's customer relationship management database has been valued at $2,000,000. Due to a SQL injection flaw in a public-facing website, the chance that an unauthorized person could access this data has been put at 40% by the risk assessment team, who also expect that this may happen once every four years. If a web application firewall costs $150,000 per year to maintain and run, is this a cost-effective control when considering the ROSI formula?
The risk assessment team has come back and said that there was a mistake in their calculations: the exposure factor is only 6%, as the injectable form is in a password-protected area of the site that only staff can access. How does this impact the equation? How does the figure change if the WAF is controlling for multiple risks?
Concepts of Database Management
ISBN: 978-1285427102
8th edition
Authors: Philip J. Pratt, Mary Z. Last
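
A worked ROSI calculation for the figures in the question, as an added example that is not part of the original question or the textbook. It assumes the common form ROSI = (ALE reduction - annual control cost) / annual control cost, treats the 40% and 6% figures as exposure factors, and assumes the WAF prevents 100% of each loss (a best case). The two extra risks in the multi-risk scenario are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # AV in dollars
    exposure_factor: float   # EF: fraction of AV lost per incident
    aro: float               # annualized rate of occurrence (incidents/year)
    mitigation: float = 1.0  # ASSUMPTION: share of the loss the control prevents

    @property
    def ale(self) -> float:
        # SLE = AV * EF; ALE = SLE * ARO
        return self.asset_value * self.exposure_factor * self.aro

def rosi(risks, annual_cost: float) -> float:
    """(sum of ALE reductions - control cost) / control cost."""
    if annual_cost <= 0:
        raise ValueError("annual_cost must be positive")
    reduction = sum(r.ale * r.mitigation for r in risks)
    return (reduction - annual_cost) / annual_cost

def shortfall_to_break_even(risks, annual_cost: float) -> float:
    """Extra annual loss reduction the control must deliver to reach ROSI = 0."""
    reduction = sum(r.ale * r.mitigation for r in risks)
    return max(0.0, annual_cost - reduction)

WAF_COST = 150_000  # per year, from the question

# Figures from the question: once every four years gives ARO = 0.25.
ORIGINAL = Risk("SQLi on CRM data (EF 40%)", 2_000_000, 0.40, 0.25)
REVISED = Risk("SQLi on CRM data (EF 6%)", 2_000_000, 0.06, 0.25)

# CONSTRUCTED risks, not from the question, to show the multi-risk case.
EXTRA = [
    Risk("XSS session theft (constructed)", 500_000, 0.20, 0.50),
    Risk("Credential stuffing (constructed)", 1_000_000, 0.10, 1.00),
]

if __name__ == "__main__":
    scenarios = [
        ("Original estimate", [ORIGINAL]),
        ("Revised estimate", [REVISED]),
        ("Revised + other risks", [REVISED, *EXTRA]),
    ]
    for label, risks in scenarios:
        total_ale = sum(r.ale for r in risks)
        print(f"{label}: ALE=${total_ale:,.0f}  "
              f"ROSI={rosi(risks, WAF_COST):+.1%}  "
              f"shortfall=${shortfall_to_break_even(risks, WAF_COST):,.0f}")
```

A positive ROSI means the control saves more than it costs per year; lowering the assumed `mitigation` below 1.0 reduces every figure proportionally.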