On Jul 2, 2010, at 5:54 PM, Champ Clark III [Softwink] wrote:

> Accidental 'DoS' conditions seem to pop-up a lot in these environments,
> IMHO.

Availability is the most important, yet least-understood element of the C-I-A triad, IMHO. And not just on public-facing networks, but in private networks which often support mission-critical applications, as you describe.

I've found that talking about DoS strictly in terms of loss of availability, along with the business impact of a given system or systems suffering a total loss of availability, is sometimes effective in explaining the risks to non-technical decisionmakers and convincing them to allocate resources to improve their security postures.

In other words, 'phones not working', 'orders can't be processed', 'supply-chain requests can't be fulfilled', 'sales staff can't record sales', and so forth.

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
