Rick, For the "costs of fixing this network" there is a long list of costs associated with that task. Some would be:
- cost of personnel multiplied by the level of effort (or time) required to complete the security tasks - cost of additional hardware required to mitigate identified risks - cost of additional software required to mitigate identified risks - additional staffing costs for security management, monitoring, training, awareness, etc. I'm not sure if this is what you're looking for or not... I hope you find is useful. Randy --- "Simons, Rick" <[EMAIL PROTECTED]> wrote: > Thought I would post a question here, nessus related > -- kinda OT. Would > like any appropriate feedback ... > > If someone is drawing up a vulnerability and "costs > of fixing this network" > document; am I overlooking associated costs with > securing a network using > Nessus? > > 1. Accept the risk > costs: (potential) legal, downtime, publicity > > 2. Use Nessus to figure out the vulnerabilities > costs: build nessus box, install + update, policy > creation for > scans, scan times, scan reviews, vulnerability > research, patch research, > patch install, administrative red tape ===== Randy M. Nash @RISK Online http://www.atriskonline.com __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
