A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO
wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor
proposals have been received:
Vendor A: product-based solution which can be purchased by the pharmaceutical company.
Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be
$150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and
1 full time employee to respond to incidents per year.
Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company’s
needs.
Bundled offering expected to be $100,000 per year.
Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE
per year.Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two
vendor proposals over a 5 year period, which of the following options is MOST accurate?
A.
Based on cost alone, having an outsourced solution appears cheaper.
B.
Based on cost alone, having an outsourced solution appears to be more expensive.
C.
Based on cost alone, both outsourced an in-sourced solutions appear to be the same.
D.
Based on cost alone, having a purchased product solution appears cheaper.