On 26 Feb 2002, at 10:49, Lubomir.Nistor@star-21.de wrote: > but back to the price of hack attacks.. I have this niggling idea that this is a fundamentally flawed metric. (THE recurring problem in Metrics is that people home in on things that are *easy* to count/measure, but not necessarily *important* to count/measure.) In security (like defense and intelligence and -- at least in some views -- law enforcement and medicine), the goal should be PREVENTION rather than CURE. And that means that ongoing activities such as Log Analysis need to be done, routinely, regardless of the level of hostile activity being blocked. The cost of an unblocked intrusion is known to be high. I don't have the numbers in front of me about how many enterprises never recover from a major security breach, but anyone who hasn't seen them can find them easily enough. To use a medical analogy, successful infections are, in this field, overwhelmingly fatal. The benefit of a preventive regime is that it keeps the incidence of successful infection low. But most preventive efforts need to be sustained all the time, and specific defensive action against specific threats should be relatively rare. (To continue the medical analogy, this is issuing anthrax vaccine to postal workers.) Another possible analogy is insurance. While some people still buy special insurance each time they fly, most don't -- and *nobody* buys short-term car insurance each time they drive. Most people who take vitamin C, for instance, take it daily, rather than whenever they expect to encounter strangers. Trying to relate the cost of taking the vitamin to the number of strangers one meets doesn't, I think, yield numbers that are really useful. David Gillett --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 15:59:38 PST