The Marketing team has decided to create a special workout application that users can download to their wearable watch. The wearable watch will ask the user to enter their information through the Internet to collect:
- Name
- Email address
- Phone number (which will be linked to the Wearable watch)
- Age
- Height
- Body weight
- Goals for working out (e.g., total steps walked, total miles run)
The information from the Wearable watch will be uploaded to the Internet to the application every 30 seconds to ensure the watch and the Internet application are constantly in sync.
How would you ensure Information Security and Compliance are built into the integrated systems?
Use the Issue Analysis and Remediation Evaluation spreadsheet (IARE) also labeled “Time Motion” to determine potential cost associated with risk.

Loss Exposure

| Item | Value |
| --- | --- |
| Internal Bill Rate | $100 |
| Consultant Bill Rate | $175 |
| Annual Revenue | $1,000,000,000 |
| Revenue Per Month | $83,333,333.33 |
| Revenue Per Day | $2,777,777.78 |
| Revenue Per Hour | $115,740.74 |
| Revenue Per Minute | $1,929.01 |

Frequency – Times Per Year: 4

Issue Analysis

| Team to Develop | Resources | Time (Hours) | Total Man Hours | Estimated Costs |
| --- | --- | --- | --- | --- |
| Application Development | 2 | 1.5 | 3 | $300 |
| Crisis Communications | 4 | 160 | 640 | $64,000 |
| Human Resources | 2 | 1.5 | 3 | $300 |
| Forensics | 2 | 320 | 640 | $64,000 |
| InfoSec | 2 | 1.5 | 3 | $300 |
| Incident Response (Research/RCA) | 1 | 160 | 160 | $16,000 |
| IT | 4 | 40 | 160 | $16,000 |
| Legal | 2 | 160 | 320 | $32,000 |
| Marketing | 2 | 1.5 | 3 | $300 |
| Operations | 4 | 10 | 40 | $4,000 |
| QA/Test | 2 | 4 | 8 | $800 |
| Total Per Incident | | | | $198,000 |
| Total Per Year | | | | $792,000 |

Remediation

| Team to Remediate | Resources | Time (Hours) | Total Man Hours | Estimated Costs |
| --- | --- | --- | --- | --- |
| Application Development | 2 | 20 | 40 | $4,000 |
| Crisis Communications | 4 | 40 | 160 | $16,000 |
| Human Resources | 2 | 100 | 200 | $20,000 |
| Forensics | 0 | 0 | 0 | $250,000 |
| InfoSec | 2 | 28 | 56 | $5,600 |
| Incident Response (Research/RCA) | 1 | 1.5 | 1.5 | $150 |
| IT | 4 | 28 | 112 | $11,200 |
| Legal | 2 | 40 | 80 | $8,000 |
| Marketing | 2 | 38 | 76 | $7,600 |
| Operations | 4 | 40 | 160 | $16,000 |
| QA/Test | 4 | 320 | 1280 | $128,000 |
| Total Per Incident | | | | $466,550 |
| Total Per Year | | | | $1,866,200 |

| Opportunity Costs | Revenue Per Year | Monthly Revenue |
| --- | --- | --- |
| Project 1 | $150,000 | $12,500.00 |
| Project 2 | $350,000 | $29,167 |
| Project 3 | $750,000 | $62,500 |

$104,166.67 <– This is the lost revenue from one month because projects were put on hold.

| Regulation | Fine Per Year |
| --- | --- |
| HIPAA | $500,000 |
| PCI | $250,000 |
| SOX | $400,000 |
| Total | $1,150,000 |

Assumptions

- The company has to meet PCI requirements
- The company has to meet PHI requirements
- The company has to meet PII requirements
- The company will have to have forensics and investigation performed during and after the incident
- The company recognizes revenues 24x7x365
- Brand and reputation are not part of this loss exposure evaluation
- Loss of trust is not part of this loss exposure update

Credit Monitoring

| Item | Value |
| --- | --- |
| Number of records | 110,000,000 |
| Cost per record/month | $20 |
| Time to monitor | 12 |
| Total cost | $26,400,000,000 |

| | By Event | Per Year |
| --- | --- | --- |
| Total cost to investigate + opportunity cost | $302,166.67 | $1,208,666.67 |
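
The sheet's totals can be rebuilt from its own rows, which makes it easy to change the frequency or a team's hours and see the exposure move. The following is an added example, not part of the original spreadsheet; the function names are hypothetical, and treating the Forensics remediation figure as a flat fee is an assumption.

```python
from decimal import Decimal as D

RATE = D(100)    # internal bill rate ($/hour); all hourly rows on the sheet use it
FREQUENCY = 4    # incidents per year, from the sheet

# team: (analysis resources, hours each, remediation resources, hours each,
#        flat remediation fee). Values copied from the sheet; reading the
#        Forensics $250,000 as a flat external fee is an assumption.
TEAMS = {
    "Application Development": (2, "1.5", 2, "20", 0),
    "Crisis Communications":   (4, "160", 4, "40", 0),
    "Human Resources":         (2, "1.5", 2, "100", 0),
    "Forensics":               (2, "320", 0, "0", 250_000),
    "InfoSec":                 (2, "1.5", 2, "28", 0),
    "Incident Response":       (1, "160", 1, "1.5", 0),
    "IT":                      (4, "40", 4, "28", 0),
    "Legal":                   (2, "160", 2, "40", 0),
    "Marketing":               (2, "1.5", 2, "38", 0),
    "Operations":              (4, "10", 4, "40", 0),
    "QA/Test":                 (2, "4", 4, "320", 0),
}
PROJECT_REVENUE_PER_YEAR = [150_000, 350_000, 750_000]

def cents(x):
    return x.quantize(D("0.01"))

def analysis_per_incident():
    return sum(r * D(h) * RATE for r, h, *_ in TEAMS.values())

def remediation_per_incident():
    return sum(r * D(h) * RATE + flat for _, _, r, h, flat in TEAMS.values())

def opportunity_per_month():
    # One month of project revenue lost while the projects are on hold.
    return D(sum(PROJECT_REVENUE_PER_YEAR)) / 12

def credit_monitoring(records=110_000_000, per_record_month=20, months=12):
    return D(records) * per_record_month * months

def exposure_by_event():
    # Cost to investigate one incident plus one month of opportunity cost.
    return analysis_per_incident() + opportunity_per_month()

if __name__ == "__main__":
    print("analysis / incident   ", cents(analysis_per_incident()))
    print("remediation / incident", cents(remediation_per_incident()))
    print("exposure by event     ", cents(exposure_by_event()))
    print("exposure per year     ", cents(exposure_by_event() * FREQUENCY))
```
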