" If made a part of a larger business strategy, it can also contribute positively to revenue, ... " I think that's up for debate, especially based on perspective ... It can protect the mechanisms that support a revenue stream, but I think there are very few cases for non-IT companies where InfoSec can actually *add* to the revenue stream. It's normally a part of the fixed overhead cost. If your company makes widgets, you can show that x dollars of raw materials and y dollars of labor cost contribute to revenue of y dollars when the widget sell. There is a direct relation to the cost of raw material required to produce the widget, as well as the time it takes to convert that raw material to a widget They only really see the value after the fact, when they see what has actually been lost by NOT implementing proper security proactively.
Erik Goldoff IT Consultant Systems, Networks, & Security _____ From: Andrew S. Baker [mailto:[email protected]] Sent: Friday, October 30, 2009 9:47 AM To: NT System Admin Issues Subject: Re: Ransomware Definitely... And that is short-sighted. Because it shows a distinct lack of understanding about Information Security. InfoSec is about risk mitigation and revenue *protection*. If made a part of a larger business strategy, it can also contribute positively to revenue, but that is not it's primary goal. The alarm system on your car does not make it faster, more gas efficient or more comfortable, but it helps to ensure that you have the use of your car for a longer period of time. ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Providing Competitive Advantage through Effective IT Leadership On Fri, Oct 30, 2009 at 8:43 AM, Erik Goldoff <[email protected]> wrote: a LOT of it comes back to budget ... the decision makers are loathe to include budget for *anything* that does not generate revenue, and work towards reducing fixed overhead costs. Erik Goldoff IT Consultant Systems, Networks, & Security _____ From: Marc Maiffret [mailto:[email protected]] Sent: Thursday, October 29, 2009 8:28 PM To: NT System Admin Issues Subject: Re: Ransomware Another on the list of reasons of why it drives me insane that so many companies still sit around saying the same thing year after year: Why would anyone come after me? I am joe small business in joe small town. I am not wells fargo. I have never had an incident before beyond the normal spyware and such. Questions and comments which are so easily slain as are the servers and workstations of the people whom make them. Two types of people call by company, the ones whom are looking to be proactive and avoid the pain of what a breach can turn into and the ones whom thought like the people above whom now are looking for people to help clean up the mess. -Marc Maiffret www.marcmaiffret.com <http://www.marcmaiffret.com/> On Wed, Oct 28, 2009 at 12:05 PM, Roger Wright <[email protected]> wrote: Spyware, Malware, Scareware, etc.... now we have Ransomware. http://blogs.zdnet.com/security/?p=4748 Roger Wright ___ Sent from Tampa, FL, United States ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
