7. In many cases, if the IDS detects an intruder, A. Cybersecurity personnel should react swiftly, because the intruder is likely real B. Cybersecurity personnel should react swiftly, even though it's...

Extracted text: 7. In many cases, if the IDS detects an intruder, A. Cybersecurity personnel should react swiftly, because the intruder is likely real B. Cybersecurity personnel should react swiftly, even though it's probably a false alarm C. Cybersecurity personnel should wait for more data, because it's probably a false alarm D. Cybersecurity personnel should wait for more data, even though the intruder is likely real


Extracted text: 8. Consider the quantitative version of the risk formula A. What quantity (dollar value) of risk is generated by a threat that will cause $5,000,000 in damage if it occurs, and has a 0.1% chance of occurring in any given year? B. Based on the quantitative risk calculated in part A, is it worth deploying a control that costs $50,000 per year (easily possible if it requires hiring a dedicated employee)? C. Consider the case that $5,000,000 in damages is likely to greatly exceed both the total revenue and the emergency cash reserve of a small business (which typically recommended to be in the ballpark of 6 months of operating expenses). How would you rate this threat for such a company, qualitatively? D. Based on the qualitative risk assessed in part C, is it worth deploying a control that costs $50,000 per year? Why or why not?