Over 600 potential victims have been identified. Members of the ring are alleged to have used the stolen identity information to manufacture fraudulent identification documents bearing their photographs and victims’ personal information, and would then use those fraudulent identification documents and victims’ social security numbers to open credit lines under victims’ names. Through this scheme, members of the ring were able to obtain merchandise from various retailers. 2. Suppose that an attack would do $100,000 in damage and has a 15 percent annual probability of success.
Spending $9,000 per year on “Measure A” would cut the annual probability of success by 75 percent. Do a risk analysis comparing benefits and costs. Show your work clearly. Should the company spend the money? Explain. [1 10] A: It’s a good idea to invest in the additional security. The net annual probable outlay decreases from $15,00 to $12,00. The annual value of countermeasure is $2,250. This shows that investing in countermeasure A is more economically rational than forgoing the added security benefits Countermeasure None.
Damage per successful attack $100,000 Annual probability of successful attack 15% 3. 75% Annual probable damage $15,000 $3,750 Annual cost of countermeasure $0 $9,000 Net annual probable outlay $12,750 Annual value of countermeasure $2,250 3. Do another risk analysis if Measure A costs $20,000 per year. Again, show your work. Should the company spend the money? Explain. A: This risk analysis should be rejected, a countermeasures costing $20,000 will create a negative annual value of countermeasure of $8,750. Countermeasure $20,000 $23,750 $-8,750.
For each of the following passwords, first state the kind of attack that would be necessary to crack it. Justify your answer. Then say whether or not it is an adequateness’s, again giving specific reasons.
Complex passwords can only be cracked with brute force attacks. Security strong. Keys and passwords must belong. Yet most personal identification numbers (PINS) that you type when you use a debit card are only four or six characters long. Yet this is safe. Why? A: This is known as two factor identification. It’s considered safe. To use a debit card, the user must know the pin number and have the physical card. Two factor authentication breaks down if the users computer becomes comprised or mail is intercepted between the user and the bank.