A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company
projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received
three quotes from different companies that provide HIPS.
– The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
– The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a
12% annual fee based on the number of workstations.
– The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?

A.
First quote

B.
Second quote

C.
Third quote

D.
Accept the risk