VIBRANTBOOTCAMP.CO.UK

MCSE Boot Camp Longest Duration MCSE Boot Camps
CCNA MCSE Boot Camp 98% Success Ratio 
CCNP MCSE Boot Camp MCSE CCNA camp Back to Back

MCSE Boot Camp
MCSE CCNA CCNP Boot camp UK :
MCSE Certification MCSE   MCSE Security Boot camp MCSE + Security   CCNA Certification CCNA   CCNP Certification CCNP   Boot Camp Location Location   MCSE Boot Camp Schedule Schedule  MCSE Boot Camp Register Register  MCSE Boot camp Home Home

Vibrant Microsoft Notes :
Join Vibrant MCSE Boot camp Training in UK.

Acquisition Costs

These costs comprise the software, hardware, or services related to a proposed new control. Some controls may have no acquisition costs — for example, implementing a new control may merely involve enabling a previously unused feature on a piece of network hardware that the organization is already using. Other controls may require the purchase of new technologies such as distributed firewall software or dedicated firewall hardware with application layer filtering capabilities. Some controls may not require the purchase of anything but rather the hiring of a third-party organization. For example, an organization might hire another firm to provide it with a block list of known spammers that is updated daily so that it can tie the list into its spam filters already installed on mail servers in the organization. There may be other controls that the organization chooses to develop itself; all of the costs relating to designing, developing, and testing the controls would be part of an organization's acquisition costs.

Implementation Costs

These expenditures relate to staff or consultants who will install and configure the proposed new control. Some controls may require a large team to specify, design, test, and deploy properly. Alternatively, a knowledgeable systems administrator could disable a few unused system services on all desktop and mobile computers in only a few minutes if the organization already has enterprise management tools deployed.

Ongoing Costs

These costs relate to continuing activities associated with the new control, such as management, monitoring, and maintenance. They may seem particularly hard to estimate, so try to think of them in terms how many people will need to be involved and how much time each week (or month or year) will need to be spent on these tasks. Consider a robust, distributed network-based intrusion detection system for a large corporation with offices on four continents. Such a system would require people to monitor the system 24 hours a day, every day, and those people would have to be able to interpret and effectively respond to alerts. It might require eight or ten or even more full-time employees for the organization to fully realize the potential of this complex control.

Communication Costs

This expenditure is related to communicating new policies or procedures to users. For an organization with a few hundred employees that is installing electronic locks for its server room, a few e-mails sent to the IT staff and senior managers might be sufficient. But any organization deploying smart cards, for example, will require a lot of communication before, during, and after the distribution of smart cards and readers, because users will have to learn a whole new way of logging on to their computers and will undoubtedly encounter a wide range of new or unexpected situations.

Training Costs for IT Staff

These costs are associated with the IT staff that would need to implement, manage, monitor, and maintain the new control. Consider the previous example of an organization that has decided to deploy smart cards. Various teams within the IT organization will have different responsibilities and, therefore, require different types of training. Help desk staff will have to know how to help end users overcome common problems such as damaged cards or readers and forgotten PINs. Desktop support staff will have to know how to install, troubleshoot, diagnose, and replace the smart card readers. A team within the IT organization, one within the human resources department, or perhaps one within the organization's physical security department will have to be responsible for provisioning new and replacement cards and retrieving cards from departing employees.

Training Costs for Users

This expenditure is related to users who would have to incorporate new behavior in order to work with the new control. In the smart card scenario referenced previously, all users will have to understand how to use the smart cards and readers, and they will also have to understand how to properly care for the cards, because most designs are more sensitive to physical extremes than credit cards or bank cards.

Costs to Productivity and Convenience

These expenditures are associated with users whose work would be impacted by the new control. In the smart card scenario, you might assume that things would be easier for an organization after the early weeks and months of deploying the cards and readers and helping users overcome their initial problems. But for most organizations, that would not be the case. Many will find that their existing applications are not compatible with smart cards, for example. In some cases this may not matter, but what about the tools that the human resources department uses to manage confidential employee information? Or the customer relationship management software used throughout the organization to track important data for all customers?

If critical business applications like these are not compatible with smart cards and are configured to require user authentication, the organization may be faced with some difficult choices. It could upgrade the software, which would require even more costs in terms of new licenses, deployment, and training. Or it could disable the authentication features, but that would lower security significantly. It could, alternatively, require users to enter user names and passwords when accessing these applications, but then users would once again have to remember passwords, undermining one of the key benefits of smart cards.

Costs for Auditing and Verifying Effectiveness

An organization would incur these expenditures after implementing the proposed new control. Examples of questions that you can ask to further define these costs include:

  • How will it ensure that the control is actually doing what it was supposed to do?
  • Will some members of the IT organization perform penetration testing?
  • Will they try running samples of malicious code against the asset that the control is supposed to protect?
  • After the effectiveness of the control has been validated, how will the organization verify that the control is still in place, on an ongoing basis?

The organization must be able to prove that nobody has accidentally or maliciously modified or disable the control, and it must determine who will be charged with the verification of this. For extremely sensitive assets it may be necessary to have more than one person validate the results.

Woodgrove Example: In Tables 5.3 and 5.4, below, the Mitigation Owners determined costs for the risks. Record the cost estimates for each proposed control in the "Cost of Control Description" column in SRMGTool3_Detailed Level Risk Prioritization.xls.

Table 5.3   Costs for Implementing Smart Cards for VPN and Admin Access

Category Notes Estimates
Acquisition Costs The cost per smart card is $15, and the cost per reader is also $15. Only 10,000 of the bank's employees require virtual private networking (VPN) or administrative access, so the total cost for cards and readers would be $300,000. $300,000
Implementation Costs The bank would hire a consulting firm to help it implement the solution at a cost of $750,000. There would still be significant costs for the time invested by the bank's own employees, though: $150,000. $900,000
Communication Costs The bank already has several established methods of communicating news to employees such as printed newsletters, internal Web sites, and e-mail mailing lists, so the costs of communicating the smart card deployment would not be substantial. $50,000
Training Costs for IT Staff The bank would use the same consulting organization to train the IT staff that would help with the implementation; the cost would be $10,000. Most members of the IT staff would miss 4 to 8 hours of work time, for an estimated overall cost of $80,000. $90,000
Training Costs for Users The bank would use Web-based training from the smart card vendor for teaching employees how to use the smart cards; cost is included in the price of the hardware. Each of the bank's employees would spend about an hour taking the training, for an overall cost of lost productivity of about $300,000. $300,000
Costs to Productivity and Convenience The bank assumes that the average user will miss about an hour of productivity and that one out of four will call the Help desk for assistance with their smart cards. The cost of lost productivity would be $300,000, and the expense of support calls to the Help desk would be $100,000. $400,000
Costs for Auditing and Verifying Effectiveness The Security Risk Management Team believes that it can periodically audit and verify the effectiveness of the new control at a cost of $50,000 for the first year. $50,000
Total   $2,090,000

Table 5.4   Costs for Implementing Smart Cards for Local Access

Category Notes Estimates
Acquisition Costs The cost per smart card is $15, and the cost per reader is also $15. Because all 15,000 bank employees would require local access, the total cost for cards and readers would be $450,000. The bank would also have to upgrade or replace many business applications at a substantial cost: $1,500,000. $1,950,000
Implementation Costs The bank would hire a consulting firm to help it implement the solution at a cost of $750,000. There would still be significant costs for the time invested by the bank's own employees, though: $150,000 $900,000
Communication Costs The bank already has several established methods of communicating news to employees such as printed newsletters, internal Web sites, and e-mail mailing lists, so the costs of communicating the smart card deployment would not be substantial. $50,000
Training Costs for IT Staff The bank would use the same consulting organization to train the IT staff that would help with the implementation; the cost would be $10,000. Most members of the IT staff would miss 4 to 8 hours of work time, for an estimated overall cost of $80,000. $90,000
Training Costs for Users The bank would use Web-based training from the smart card vendor for teaching employees how to use the smart cards; cost is included in the price of the hardware. Each of the bank's employees would spend about an hour taking the training, for an overall cost of lost productivity of about $450,000. $450,000
Costs to Productivity and Convenience The bank assumes that the average user will miss about an hour of productivity and that one out of four will call the Help desk for assistance with their smart cards. The cost of lost productivity would be $450,000, and the expense of support calls to the Help desk would be $150,000. $600,000
Costs for Auditing and Verifying Effectiveness The Security Risk Management Team believes that it can periodically audit and verify the effectiveness of the new control at a cost of $150,000 for the first year. $150,000
Total   $4,190,000
MCSE Boot Camp Why Vibrant?   MCSE Course Course Fees  MCSE FAQ FAQ MCSE camp Contact US MCSE Boot Camp Testimonial Testimonials MCSE Map Site map  MCSE Map links MCSE Map Home MCSE Map Index  MCSE Map 270MCSE Map 290MCSE Map 291MCSE Map 293MCSE Map 294MCSE Map 298 MCSE Map 299 MCSE Map Sec+ MCSE Map 801 MCSE Map routing MCSE Map 811MCSE Map 821 MCSE Map 831. MCSE boot camp, Vibrant MCSE Boot Camp, UK, MCSE Boot Camp, USA, MCSE Boot Camp, Japan, MCSE Boot Camp, boot camps, MCSE Boot camp training, MCSE boot camp server, MCSE boot camp Microsoft, MCSE boot camp 2003, MCSE boot camp UK, MCSE boot camp India, MCSE boot camp USA, MCSE boot camp San Mateo, MCSE boot camp California, MCSE boot camp CA, MCSE boot camp security, MCSE boot camp exam, MCSE boot camp school, MCSE boot camp windows, MCSE boot camp vibrant, CCNA boot camp, Guaranteed CCNA boot camp provider, CCNA boot camp certification, CCNA boot camp training, CCNA boot camp UK, CCNA boot camp USA, CCNA boot camp San Mateo, CCNA boot camp California, CCNA boot camp CA, CCNA bootcamp exam, CCNA bootcamp school, CCNA bootcamp best, CCNA bootcamp, CCNP boot camp, Guaranteed CCNP boot camp provider, CCNP boot camp certification, CCNP boot camp training, CCNP boot camp UK, CCNP boot camp India, CCNP boot camp San Mateo, CCNP bootcamp California, CCNP boot camp CA, CCNP bootcamp exam, CCNP bootcamp school, CCNP bootcamp vibrant, MCSE bootcamp, Guaranteed MCSE bootcamp provider, MCSE Bootcamp certification, MCSE Bootcamp training, MCSE Bootcamp server, MCSE Bootcamp Microsoft, MCSE Bootcamp 2003, MCSE Bootcamp UK, MCSE Bootcamp India, MCSE Bootcamp USA, MCSE Bootcamp San Mateo, MCSE Bootcamp California, MCSE Bootcamp CA, MCSE Bootcamp security, MCSE Bootcamp exam, MCSE Bootcamp school, MCSE Bootcamp longest, MCSE Bootcamp easy, MCSE Bootcamp best, MCSE Bootcamp windows, MCSE Bootcamp vibrant