TulTech is considering investing in a Security Operations Center (SOC); relying on an ad hoc response team from IT has led to too many breach “near misses.” Making such an investment is expensive: It requires purchasing a license for Security Information and Event Management (SIEM) tools, plus hiring and training staff (who don’t come cheap given how in-demand their skills are). You need to make the case for the SOC or argue that it’s too expensive to be justified given the risk. Here are the parameters: Running a SOC would cost $1 million per year to run. While TulTech hasn’t been breached and experienced “the big one” yet, management estimates that a breach would cost the company at least $20 million. The SOC vendor claims that its clients have never experienced a breach of this magnitude after the SOC is up and running, but TulTech management is skeptical of this claim. To conduct a cost-benefit analysis of the SOC, you’ll need to decide whether to (1) select a risk reduction value for the SOC and find the break-even probability of a breach occurring or (2) estimate the baseline annual probability of a breach occurring at TulTech and find the break-even risk reduction required to justify the investment. Whichever approach you take, you’ll need to back up your decision with evidence. Create a discussion post in the form of a memo for the TulTech leadership team. Be sure to include the following: A recommendation of whether to move forward with the SOC. Support for your recommendation in the form of security metrics. Additional detail explaining the evidence backing up your calculations. Discussion of any parameter uncertainty and how this could affect your recommendation.