Estimate each cost for the mitigation based on the following budget. Financial Plan for Implementation of the Information Security Organization
1. Total Annual Infrastructure Budget: $1.2 million (hardware, software, licenses, spares, etc.)
2. Total Annual Supplies Budget: $0.2 million (user computers, batteries, etc.)
3. Total Annual Personnel Budget: TBD (will be determined in Week 5 financial plan)
4. Total Training Budget: TBD (will be determined in Week 5 financial plan) The Total Annual Operating Budget will be the sum of the 4 areas above.
The Infrastructure Budget includes SOC equipment which is to include SIEM servers and software (e.g., vulnerability scanners, log correlation, event monitoring)Inadequate Physical Access Controls: Mitigation
Action: Enhance physical access controls (NIST SP 800-53 PE-3).
Cost: Moderate to high, depending on the current state of physical security and the enhancements required.
Time Frame: 1-3 months.
Limited Audit Trail: Mitigation
Action: Enable comprehensive audit logging (NIST SP 800-53 AU-2).
Cost: Moderate, considering the need for additional storage and possibly software tools. Time Frame: 1-2 months.
Absence of Contingency Plan: Mitigation Action: Develop and implement a contingency plan (NIST SP 800-53 CP-2).
Cost: Moderate to high, depending on the complexity of the organization's operations.
Time Frame: 2-4 months.