> In any event, the odds are irrelevant - the issue is the business risk of > intrusion/loss.
How can you say that "odds are irrelevant" if the issue is business risk? Risk is "potential for loss", and potential includes a weighting for likelihood (i.e. "the odds")? Can you clarify what you mean? Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Thursday, 1 August 2013 1:43 AM To: [email protected] Subject: Re: [NTSysADM] man-in-the-middle attack Odds would be very difficult to extrapolate with any legitimate accuracy, as you need to know and control the possible environments and habits of your remote employees. In any event, the odds are irrelevant - the issue is the business risk of intrusion/loss. -- Espi On Wed, Jul 31, 2013 at 8:07 AM, David Lum <[email protected]<mailto:[email protected]>> wrote: I need to present management with the odds of this actually getting exploited, as I'd want to force TLS 1.2 for ADFS but that takes Chrome and more importantly Safari (iOS devices) out of the mix, so I suspect management might say "we want compatibility instead of protection from some obscure attack that is unlikely to happen. In short, what are the odds of a MITM attack actually happening between my remote employee and our ADFS server? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764>
