A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system
compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years
responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three
quotes from different companies that provide HIPS. The first quote requires a $10,000 one-time fee, annual
cost of $6 per workstation, and a 10% annual support fee based on the number of workstations. The second
quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on
the number of workstations. The third quote has no one-time fee, an annual cost of $8 per workstation, and a
15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?

A.
First quote

B.
Second quote

C.
Third quote

D.
Accept the risk