# Homework Assignment Essay

Table of Content

Over 600 potential victims have been identified. It is alleged that members of the ring used the stolen identity information to make fake identification documents with their own photos and the personal information of the victims. They then used these fake documents and the victims’ social security numbers to open credit lines in the victims’ names. By doing so, the ring members were able to obtain merchandise from different stores. Additionally, let’s assume that an attack would cause \$100,000 in damage and has a 15 percent chance of success each year.

Spending \$9,000 per year on “Measure A” would decrease the annual probability of success by 75%. A risk analysis comparing benefits and costs should be done. The company should determine whether the investment is worth it. [1 10] A: It is advisable to invest in additional security. The net annual probable expenditure decreases from \$15,000 to \$12,000. The countermeasure has an annual value of \$2,250. This demonstrates that investing in countermeasure A is more economically rational than not having the added security benefits from Countermeasure None.

– Damage per successful attack: \$100,000
– Annual probability of successful attack: 15%
– Annual probable damage: \$15,000
– Annual cost of countermeasure: \$0
– Net annual probable outlay: \$12,750
– Annual value of countermeasure: \$2,250

3. Do another risk analysis if Measure A costs \$20,000 per year. Again, show your work. Should the company spend the money? Explain.
A: This risk analysis should be rejected. A countermeasure costing \$20,000 will result in a negative annual value of countermeasure of -\$8,750. Countermeasure: \$20,000 | \$23,750 | -\$8,750.

Firstly, it is necessary to determine the type of attack required to crack each of the following passwords. The justification for the answer should be provided. Subsequently, it should be stated whether or not they are considered adequate, accompanied by specific reasons.

Complex passwords can only be cracked with brute force attacks, making them a strong security measure. However, personal identification numbers (PINS) for debit cards are typically only four or six characters long. Despite their brevity, these short PINS are considered safe due to two factor identification. This method requires users to know the pin number and possess the physical card in order to use a debit card. However, two factor authentication can be compromised if the user’s computer is compromised or if mail is intercepted during communication with the bank.