RE: [logs] hack attempts && price

From: Russell Fulton (R.FULTONat_private)
Date: Tue Feb 19 2002 - 11:52:53 PST

  • Next message: Tina Bird: "[logs] Log Analysis Tutorial - Online from USENIX"

    On Wed, 2002-02-20 at 03:30, Lubomir.Nistor@star-21.de wrote:
    > well as a consultant I do this aproach:
    > 
    > identify risk (fx. e-commerce site that brings $10M yearly=>1 day downtime=$300K=>1 hour downtime=$10K)
    > cover risk by realtime log auditing.. (costs fx $7K daily)
    > 
    > profit=> risk value*risk probability - countermeasure=$40K monthly
    > 
    
    This works for straight commercial front end system, but how to you cost
    a breakin to HR or other system that isn't critical to your ability to
    do business.  The cost is definitely greater than the time to make good
    the damage but by how much?  How does on cost employees privacy?
    
    -- 
    Russell Fulton, Computer and Network Security Officer
    The University of Auckland,  New Zealand
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 12:43:05 PST