Ng, Kenneth (US) wrote: > Your missing an important element: what are the odds of the event > happening?
When we talk about risk, we are already taking into account the odds of the event happening: R = E x p Where: R = Risk E = event p = probability of the event happening > Lots of places refuse to act until there is an actual worm that > is trashing businesses show up in their trade publication > (in other words, full-disclosure, and slashdot.org don't count). > Trouble is, with the speed of today's worms, by the time it shows > up on cnn.com, its too late. Unfortunately, yes. I�igo Koch Red Segura >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Behalf Of Alerta >> Redsegura >> Sent: Thursday, May 06, 2004 11:08 AM >> To: Full-Disclosure >> Subject: RE: [Full-Disclosure] Learn from history? >> The first thing to determine with the company management is: What >> happens to >> the company if their network is down 1h? 2h? One day? One week? How much >> money does that represent? If data is lost, how much does it cost to >> re-build it (resources, time spent, etc.)? >> >> If you clearly assess the risks and come up with a solution showing an >> adequate cost-benefit ratio and you compare it to the possible losses, >> chances are that management will approve your proposal, regardless of the >> company size (from SMB to Fortune-100). >> >> >> >> >> >> I�igo Koch >> Red Segura >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.netsys.com/full-disclosure-charter.html >> >> >> ****************************************************************** >> *********** >> The information in this email is confidential and may be legally >> privileged. >> It is intended solely for the addressee. Access to this email by >> anyone else >> is unauthorized. >> >> If you are not the intended recipient, any disclosure, copying, >> distribution >> prohibited >> and may be unlawful. When addressed to our clients any opinions or advice >> contained in this email are subject to the terms and conditions >> expressed in >> the governing KPMG client engagement letter. >> ****************************************************************** >> *********** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
