Thursday, December 11, 2008

Jeremiah Grossman on Justifying Security Spending

I liked the way Jeremiah Grossman listed five ways to justify security spending:

1) Risk Mitigation
"If we spend $X on Y, we'll reduce the risk of loss of $A by B%."

2) Due Diligence
"We must spend $X on Y because it’s an industry best-practice."

3) Incident Response
"We must spend $X on Y so that Z never happens again."

4) Regulatory Compliance
"We must spend $X on Y because PCI-DSS says so."

5) Competitive Advantage
"We must spend $X on Y to make the customer happy."


Jeremiah expands on each in his blog, which makes for good reading.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

2 comments:

Michael Cloppert said...

3) Incident Response
"We must spend $X on Y so that Z never happens again."


I think this is misleading. While one of the questions answered by an incident response process is "how", often the most important questions that need to be answered are "what" and "how much". IME, the "how" is most often via known vulnerabilities - be they technical or human - resulting from process, visibility, or training gaps. In other words, issues that will always exist.

That said, if intelligence on the perpetrator of an incident is properly collected and leveraged, IR can be an effective prevention mechanism as well (I like to call it "intelligence-driven response"), but few outside the defense industrial base seem to do it well. Measuring IR solely in terms of prevention will not demonstrate the true return on investment, which will undercut the entire function in reduced funding and organizational focus.

Incident Response is best measured in terms of triage (response/detect time), guidance to focus infrastructure efforts, and prevention.