Tool: What Security Can Do For You

By Regina Kwon

Are you safe from what's out there? OK then, how about what's on the way?

The cost to businesses from the SQL Slammer Worm ran into the billions of dollars, according to many analyst estimates. The 376-byte packet of code slowed network traffic to a crawl in January by forcing unpatched installations of Microsoft SQL Server 2000 to spew replicas of the worm over the Internet.

But even though malicious code is a constant threat, companies should not panic, says David Lawson of Greenwich Technology Partners in New York. Instead, they should define and establish reasonable levels of protection.

"An important first step is to evaluate risk accurately," he says, "rather than responding willy-nilly to the threat du jour."

Although benchmark costs taken from industry peers can be useful, nothing compares with having a record of one's own. "It's difficult to make a good budget or spending decision without actual facts," Lawson says.

He developed a calculator (right) that lets companies estimate how much incidents like SQL Slammer have cost them. The calculator then assesses how much loss a given level of security might have prevented.

The example shows the impact of a SQL Slammer attack on a global manufacturing company. Three levels of security are assessed: basic, in which a single person is responsible for identifying and installing required patches; intermediate, in which teams of staff are responsible for applying patches; and high end, in which the company uses a system that automatically checks for and applies patches.

Download the full calculator from the above graphical link.

This article was originally published on 2003-06-10
As Statistics Editor of Baseline magazine, Regina creates interactive tools, worksheets and project guides for technology managers. Before joining Ziff Davis, she worked as a technical program manager for a database company, where her projects included data management applications in XML, Java, Visual Basic and ASP. Her other experience includes running the new media department at Christie's Inc. and writing and editing for Internet World and PC Magazine. Regina received a B.A. from Yale.