Again, apples/oranges. I'm speaking of specific circumstance, and I'm not about to include natural disasters in the debate. You can either choose to see what I'm saying for what I'm saying, or don't. I'm not generalizing. I'm speaking of data loss to remote access intrusion.
--
Espi

On Fri, Aug 2, 2013 at 6:53 AM, Steven M. Caesare <[email protected]> wrote:

> > The odds don't matter if the risk will result in catastrophic loss to the business.
>
> Sure they do.
>
> A meteor that wipes out your facility in North America can be mitigated by having a completely redundant $50bil factory in Europe.
>
> Are you recommending that?
>
> -sc
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Micheal Espinola Jr
> *Sent:* Wednesday, July 31, 2013 7:55 PM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] man-in-the-middle attack
>
> IMO, it's a matter of recreational gambling vs. professional (done for a living) gambling[1]. You know the odds, or you don't - doesn't matter. What matters is if you can continue to profit from the risk. Will the risk hurt the continuity of business operations in terms of revenue loss? The extreme example of this is Russian roulette.
>
> The resulting exposed data in a MitM scenario is unique and has substantial potential. What is important to monetize here is the loss resulting from a MitM attack at all levels of remote access for the organization.
>
> The odds don't matter if the risk will result in catastrophic loss to the business. As someone that has discovered corporate espionage intrusions, and systematically prevented the loss of future business deals worth millions of dollars (whose loss would have otherwise collapsed the business) - I have a specific view of this issue. The only additional info on this that I will provide is that the intrusion allowed a bidding competitor access to corporate communications as well as business plans and bidding documents. My discoveries led to the prevention of a competitor from staying one step ahead of us in business planning and bidding, and eventual Federal prosecution of the intruder.
>
> 1. I'm not a gambler, but I have known professional gamblers.
>
> --
> Espi
>
> On Wed, Jul 31, 2013 at 4:05 PM, Ken Schaefer <[email protected]> wrote:
>
> > In any event, the odds are irrelevant - the issue is the business risk of intrusion/loss.
>
> How can you say that “odds are irrelevant” if the issue is business risk?
>
> Risk is “potential for loss”, and potential includes a weighting for likelihood (i.e. “the odds”)?
>
> Can you clarify what you mean?
>
> Cheers
> Ken
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Micheal Espinola Jr
> *Sent:* Thursday, 1 August 2013 1:43 AM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] man-in-the-middle attack
>
> Odds would be very difficult to extrapolate with any legitimate accuracy, as you need to know and control the possible environments and habits of your remote employees. In any event, the odds are irrelevant - the issue is the business risk of intrusion/loss.
>
> --
> Espi
>
> On Wed, Jul 31, 2013 at 8:07 AM, David Lum <[email protected]> wrote:
>
> I need to present management with the odds of this actually getting exploited, as I’d want to force TLS 1.2 for ADFS but that takes Chrome and more importantly Safari (iOS devices) out of the mix, so I suspect management might say “we want compatibility instead of protection from some obscure attack that is unlikely to happen.”
>
> In short, what are the odds of a MITM attack actually happening between my remote employee and our ADFS server?
>
> *David Lum*
> Sr. Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764

