Although this is not a technical issue related to firewalls I think the
cost of a successful breakin is worth discussing ...
Quentin Fennessy writes:
> This is outrageous! What goes on in these 'average' breakins that
> cost $200K - $400K? That indicates approximately 2 - 8 person-years of
> work per incident.
For an 'average' breakin this is way too high, but in quite a few cases
it is not outrageous. Suppose a breakin causes you to have to restore
all the filesystems on an NFS server that everyone relies on. That
might take a day and leave 50 developers essentially idle. 50 man-days
(ie 10 man-weeks or around a quarter of a man-year) could easily be
worth $25K. Suppose you decide you need to force 300 people to get a
new password - how much time would that take? How much time would be
spent on examining why the breakin was successful? What if the
conclusion is you need a new firewall - how much would that cost? Do
the CPU-hours and network bandwidth that the intruders may have used
cost anything?
On the other hand, I've sat through power cuts that I estimate cost the
company $10K :-) Lost productivity seems much cheaper than it is -
noone has to sign off a purchase order but that doesn't mean it's
free. Neil.
--
nreadwin @
micrognosis .
co .
uk Phone: +1 908 855 1221 x519
Anything is a cause for sorrow that my mind or body has made
References:
|
|
