[Techtalk] the cost of security holes debate
Hamster
hamster at hamsternet.org
Mon Jul 22 23:46:53 EST 2002
> What other factors come to mind for quantifying the cost of security
> holes and the overall security of a system?
I used to work for a company that sold security stuff, and the biggest problem they had was justifying the cost of security measures. This was how they tried to do exactly that.
The sales pitch went along these lines:
Q. How much is your car/house worth?
Q. How much insurance do you pay on that car/house in case it gets stolen or damaged or destroyed.
ok (work out as percentage)
Q. How much is your data worth to you in a dollar value.
Then the salesguy would use the percentage calcuated after the first two questions, to give some sort of perspective as to how much people are prepared to pay to safeguard other things, yet would baulk at a one off payment to purchase a firewall.
In just about every case I think, the cost of the firewall was much less than the equivalent insurance figure.
Hamster
More information about the Techtalk
mailing list