Issue Analysis and Remediation Evaluation

The Marketing team has decided to create a special workout application that users can download to their wearable watch. The wearable watch will ask the user to enter their information through the Internet to collect:

  • Name
  • Email address
  • Phone number (which will be linked to the wearable watch)
  • Age
  • Height
  • Body weight
  • Goals for working out (e.g., total steps walked, total miles run)

The information from the wearable watch will be uploaded over the Internet to the application every 30 seconds to ensure the watch and the Internet application are constantly in sync.

How would you ensure Information Security and Compliance are built into the integrated systems?

Use the Issue Analysis and Remediation Evaluation spreadsheet (IARE) also labeled “Time Motion” to determine potential cost associated with risk.

Loss Exposure

| Item | Value |
| --- | --- |
| Internal Bill Rate | $100 |
| Consultant Bill Rate | $175 |
| Annual Revenue | $1,000,000,000 |
| Revenue Per Month | $83,333,333.33 |
| Revenue Per Day | $2,777,777.78 |
| Revenue Per Hour | $115,740.74 |
| Revenue Per Minute | $1,929.01 |

Frequency – Times Per Year: 4

Issue Analysis

| Team to Develop | Resources | Time (Hours) | Total Man Hours | Estimated Costs |
| --- | --- | --- | --- | --- |
| Application Development | 2 | 1.5 | 3 | $300 |
| Crisis Communications | 4 | 160 | 640 | $64,000 |
| Human Resources | 2 | 1.5 | 3 | $300 |
| Forensics | 2 | 320 | 640 | $64,000 |
| InfoSec | 2 | 1.5 | 3 | $300 |
| Incident Response (Research/RCA) | 1 | 160 | 160 | $16,000 |
| IT | 4 | 40 | 160 | $16,000 |
| Legal | 2 | 160 | 320 | $32,000 |
| Marketing | 2 | 1.5 | 3 | $300 |
| Operations | 4 | 10 | 40 | $4,000 |
| QA/Test | 2 | 4 | 8 | $800 |
| Total Per Incident | | | | $198,000 |
| Total Per Year | | | | $792,000 |

Remediation

| Team to Remediate | Resources | Time (Hours) | Total Man Hours | Estimated Costs |
| --- | --- | --- | --- | --- |
| Application Development | 2 | 20 | 40 | $4,000 |
| Crisis Communications | 4 | 40 | 160 | $16,000 |
| Human Resources | 2 | 100 | 200 | $20,000 |
| Forensics | 0 | 0 | 0 | $250,000 |
| InfoSec | 2 | 28 | 56 | $5,600 |
| Incident Response (Research/RCA) | 1 | 1.5 | 1.5 | $150 |
| IT | 4 | 28 | 112 | $11,200 |
| Legal | 2 | 40 | 80 | $8,000 |
| Marketing | 2 | 38 | 76 | $7,600 |
| Operations | 4 | 40 | 160 | $16,000 |
| QA/Test | 4 | 320 | 1280 | $128,000 |
| Total Per Incident | | | | $466,550 |
| Total Per Year | | | | $1,866,200 |

Opportunity Costs

| Project | Revenue Per Year | Monthly Revenue |
| --- | --- | --- |
| Project 1 | $150,000 | $12,500.00 |
| Project 2 | $350,000 | $29,167 |
| Project 3 | $750,000 | $62,500 |
| | | $104,166.67 |

$104,166.67 <– This is the lost revenue from one month because projects were put on hold.

| Regulation | Fine Per Year |
| --- | --- |
| HIPAA | $500,000 |
| PCI | $250,000 |
| SOX | $400,000 |
| Total | $1,150,000 |

Assumptions

  • The company has to meet PCI requirements
  • The company has to meet PHI requirements
  • The company has to meet PII requirements
  • The company will have to have forensics and investigation performed during and after the incident
  • The company recognizes revenues 24x7x365
  • Brand and reputation are not part of this loss exposure evaluation
  • Loss of trust is not part of this loss exposure update

Credit Monitoring

| Item | Value |
| --- | --- |
| Number of records | 110,000,000 |
| Cost per record/month | $20 |
| Time to monitor | 12 |
| Total cost | $26,400,000,000 |

| | By Event | Per Year |
| --- | --- | --- |
| Total cost to investigate + opportunity cost | $302,166.67 | $1,208,666.67 |
