On Tue, Feb 26, 2002 at 10:49:42AM +0100, Lubomir.Nistor@star-21.de wrote:
> sweth:please read any security risk assessment guide.. there you'll
> get this formula well explained..

Those types of formulas, yes, and as I said before I'm already very familiar with them. I was wondering about the specific formula you were using, since it had enough numbers filled in to make it seem as though you were trying to present an example, but was missing enough information to make it make no sense as it stood. Specifically:

> identify risk (fx. e-commerce site that brings $10M yearly=>1 day
> +downtime=$300K=>1 hour downtime=$10K)
> cover risk by realtime log auditing.. (costs fx $7K daily)
>
> profit=> risk value*risk probability - countermeasure=$40K monthly

How do you come up with $40K? What is the risk probability you are using? Are you counting the log auditing as the countermeasure? If so, does the cost listed include amortized costs for the efforts of the people involved, too? Those are the sorts of details that would make something like this useful to most of the people on the list, I suspect.

-- Sweth, catching up on old list mail.

--
Sweth Chandramouli ; <svcat_private>
President, Idiopathic Systems Consulting