Answer this question based on The Security Risk Assessment Handbook by DOUGLAS J$.$LANDOLL

Exercises

Section $10\mathrm{.}2$ mentions solution sets as the application of several safeguards to address a single vulnerability or a set of closely related vulnerabilities. Give an example of a solution set for the following vulnerabilities:

a$.$ Front entrance is susceptible to piggy$-$backing.

b$.$ In$-$house$-$developed Web applications are susceptible to SQL injection attacks.

c$.$ Critical patches are not applied within $7$ days.

d$.$ USB thumb drives containing sensitive data are lost outside of the

building.

$2)$ Estimate $($quantitatively$)$ the cost of implementing the following controls:

a$.$ Secure code development training for $20$ developers

b$.$ Fire suppression system for $2,000$ sq$.$ ft$.(24,000$ cu$.$ ft$.)$ data center

c$.$ Whole$-$disk encryption for $100$ laptops

$3)$ Estimate the costs for the same controls above using the following qualitative

scale:

Consider the safeguards described in $2a-c.$

a$.$ Suggest a quantitative measurement approach for effectiveness of $2a-c.$

b$.$ What would it cost to obtain that measurement?

c$.$ Is it worthwhile to do so$?$

Estimate the effectiveness of $2a-c$ using the qualitative scale of High, Medium, and Low.

a$.$ Using only the qualitative measurements for cost and effectiveness, what

controls would you suggest be implemented?

b$.$ Is it likely that quantitative methods would produce different results?