Tool: What Security Can Do For YouBy Regina Kwon | Posted 2003-06-10 Email Print
Are you safe from what's out there? Ok then, how about what's on the way?
"An important first step is to evaluate risk accurately," he says, "rather than responding willy-nilly to the threat du jour."
Although benchmark costs taken from industry peers can be useful, nothing compares with having a record of one's own. "It's difficult to make a good budget or spending decision without actual facts," Lawson says.
He developed a calculator (right) that lets companies estimate how much incidents like SQL Slammer have cost them. The calculator then assesses how much loss a given level of security might have prevented.
The example shows the impact of a SQL Slammer attack on a global manufacturing company. Three levels of security are assessed: basic, in which a single person is responsible for identifying and installing required patches; intermediate, in which teams of staff are responsible for applying patches; and high end, in which the company uses a system that automatically checks for and applies patches.
Download the full calculator from the above graphical link.