
RE: [Full-Disclosure] Learn from history?



Ng, Kenneth (US) wrote:

> You're missing an important element: what are the odds of the event
> happening?

When we talk about risk, we are already taking into account the odds of the
event happening:

R = E x p

Where:

R = Risk
E = event
p = probability of the event happening



> Lots of places refuse to act until an actual worm that is trashing
> businesses shows up in their trade publication
> (in other words, full-disclosure and slashdot.org don't count).
> Trouble is, with the speed of today's worms, by the time it shows
> up on cnn.com, it's too late.

Unfortunately, yes.





Iñigo Koch
Red Segura



>> -----Original Message-----
>> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
>> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of Alerta
>> Redsegura
>> Sent: Thursday, May 06, 2004 11:08 AM
>> To: Full-Disclosure
>> Subject: RE: [Full-Disclosure] Learn from history?
>>
>> The first thing to determine with the company management is: What happens
>> to the company if their network is down 1h? 2h? One day? One week?  How much
>> money does that represent?  If data is lost, how much does it cost to
>> re-build it (resources, time spent, etc.)?
>>
>> If you clearly assess the risks and come up with a solution showing an
>> adequate cost-benefit ratio and you compare it to the possible losses,
>> chances are that management will approve your proposal, regardless of the
>> company size (from SMB to Fortune-100).
>>
>>
>>
>>
>>
>> Iñigo Koch
>> Red Segura
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
