14.01 The Business Case For Security - Quiz

Check your understanding

Question 1: What was the primary business impact of the Equifax data breach mentioned in the section?

  • Loss of customer data only
  • $4 billion in total costs including fines, settlements, and remediation { data-correct }
  • Temporary website downtime
  • Minor reputation damage

Question 2: According to the cost-benefit analysis example, what was the total prevention cost for the vulnerability that caused $2.5 million in damages?

  • $15,000
  • $30,000 { data-correct }
  • $45,000
  • $50,000

Question 3: Which of the following is NOT typically considered a direct cost of a security breach?

  • Incident response team costs
  • Regulatory fines
  • System recovery expenses
  • Competitive advantage loss { data-correct }

Question 4: In risk assessment, how is a risk score typically calculated?

  • Impact minus likelihood
  • Likelihood multiplied by impact { data-correct }
  • Impact divided by likelihood
  • Likelihood plus impact

Question 5: What ROI range do security investments typically return according to the section?

  • 2-5x their cost
  • 10-100x their cost { data-correct }
  • 100-500x their cost
  • Break-even only

Question 6: Which stakeholder group needs “business impact and ROI justification” when communicating about security?

  • Executives { data-correct }
  • Developers
  • Customers
  • End users

Question 7: What is a key characteristic of treating security as a business enabler rather than just a compliance requirement?

  • Focusing only on meeting minimum regulatory standards
  • Implementing security after development is complete
  • Using security to build customer trust and market differentiation { data-correct }
  • Limiting security investments to emergency responses

Question 8: In the student portal risk assessment example, which threat received the highest risk score?

  • SQL injection exposing grades { data-correct }
  • Denial of service during enrollment
  • Session hijacking
  • Unencrypted financial aid data theft

Question 9: What percentage chance of a security incident was estimated in the security investment proposal example?

  • 15%
  • 30% { data-correct }
  • 45%
  • 50%

Question 10: Which of the following best describes the relationship between security and business value?

  • Security always reduces business value due to costs
  • Security and business value are unrelated
  • Security is only valuable for compliance purposes
  • Security protects both technical assets and business value, creating competitive advantage { data-correct }