Calculating Return: What Security Can Do for YouBy Regina Kwon | Posted 2003-06-01 Email Print
The cost to businesses from the SQL Slammer Worm ran into the billions of dollars, according to many analyst estimates. What would your costs be if you got hit?
"An important first step is to evaluate risk accurately," he says, "rather than responding willy-nilly to the threat du jour."
Although benchmark costs taken from industry peers can be useful, nothing compares with having a record of one's own. "It's difficult to make a good budget or spending decision without actual facts," Lawson says.
He developed a calculator that lets companies estimate how much incidents like SQL Slammer have cost them. The calculator then assesses how much loss a given level of security might have prevented.
The example shows the impact of a SQL Slammer attack on a global manufacturing company. Three levels of security are assessed: basic, in which a single person is responsible for identifying and installing required patches; intermediate, in which teams of staff are responsible for applying patches; and high end, in which the company uses a system that automatically checks for and applies patches.