Developing an Effective Incident Cost Analysis Mechanism

Thursday, 13 June 2002, 12:03 AM EST

When it comes to calculating damages from computer security incidents, some in the media will tell you that it is impossible to come up with a value. At the same time, others will tell you that the Melissa Virus caused $80 million in damages to US businesses. Who is right? Can these damages be calculated, and if so, how?

A project by representatives of the Big Ten Universities (plus a few others) in the late 90's undertook to systematically examine the real costs of security incidents. The results of this project were an incident cost model and examples of costs for typical security incidents at these institutions. This model has been used successfully in computer intrusion cases involving federal law enforcement, and by the Honeynet Project for comparison of entries in the Forensic Challenge. It proves that fair and accurate damage estimates can be produced, and with very little work, provided that those doing the work are disciplined and diligent in keeping track of time, at the time of incident response. Unfortunately, this is where the system often breaks down. As we shall see, the need for diligence in collecting time data for every security incident response calls for policies and procedures to be set at the institutional level, and enforced as a regular part of incident handling, in order to have meaningful figures on institutional losses due to security incidents.

[ Read more ]


How GitHub is redefining software development

Posted on 26 January 2015.  |  The security industry is slowly realizing what the developer community knew for years - collaboration is the key to and likely the future of innovation.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Jan 29th