that's right, you have to do prevention, but how do you explain a non-educated man what AIDS is? he doesn't even know what a virus is. And telling him that he needs to use condome if it's not convenient for him needs some persuation effords.. why should he waste his money on something he didn't use before? that's the same possition of a IT manager.. he doesn't know what is the price of a hack attack and why should he waste money on something that he didn't do before and he is not convenient with? I've read a good book called selfish gene.. it explains the theory about evolution.. where bad decisions or strategies lead to death of that specific nature of genes or habits. SO if companies go bankrupt due to hack attacks and IT managers who caused this wouldn't get a job as IT manager (that's bad assumption), only good IT managers would survive and be allowed reproduce (i mean the knowhow :) to guarantee supply of good IT managers in future :) lubo -----Original Message----- From: dgillettat_private [mailto:dgillettat_private] Sent: Dienstag, 26. Februar 2002 23:00 To: loganalysisat_private Subject: RE: [logs] hack attempts && price On 26 Feb 2002, at 10:49, Lubomir.Nistor@star-21.de wrote: > but back to the price of hack attacks.. I have this niggling idea that this is a fundamentally flawed metric. (THE recurring problem in Metrics is that people home in on things that are *easy* to count/measure, but not necessarily *important* to count/measure.) In security (like defense and intelligence and -- at least in some views -- law enforcement and medicine), the goal should be PREVENTION rather than CURE. And that means that ongoing activities such as Log Analysis need to be done, routinely, regardless of the level of hostile activity being blocked. The cost of an unblocked intrusion is known to be high. I don't have the numbers in front of me about how many enterprises never recover from a major security breach, but anyone who hasn't seen them can find them easily enough. To use a medical analogy, successful infections are, in this field, overwhelmingly fatal. The benefit of a preventive regime is that it keeps the incidence of successful infection low. But most preventive efforts need to be sustained all the time, and specific defensive action against specific threats should be relatively rare. (To continue the medical analogy, this is issuing anthrax vaccine to postal workers.) Another possible analogy is insurance. While some people still buy special insurance each time they fly, most don't -- and *nobody* buys short-term car insurance each time they drive. Most people who take vitamin C, for instance, take it daily, rather than whenever they expect to encounter strangers. Trying to relate the cost of taking the vitamin to the number of strangers one meets doesn't, I think, yield numbers that are really useful. David Gillett --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 06:44:36 PST