lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: jleffler at us.ibm.com (Jonathan Leffler)
Subject: Re: ROSI

"Curt Purdy" <purdy@...man.com> wrote:
> ROSI [...] Annual Loss Expectancy (ALE) was figured. ALE is an attack's 
damage
> multiplied by frequency.
>
> Determining cost-benefit
>
> (R-E) + T = ALE
> R-ALE = ROSI
>
> R = the cost per year to recover from an intrusion
> E = the savings gained by stopping the intrusion
> T = the cost of the intrusion detection tool
> ALE = the Annual Loss Expectancy
> ROSI = Return On Security Investment

That formula appears to reduce to ROSI = E - T, though the units of the 
terms
in the equations (dimensional analysis) make me suspicious that the 
formula is
incomplete or the definitions of the terms are too loose (R in $/y; E in 
$; T
in $, ALE in $/y; ROSI units unclear).

> www.csds.uidaho.edu/director/costbenefit.pdf

That URL does not appear to be working this morning.

--
Jonathan Leffler (jleffler@...ibm.com)
STSM, Informix Database Engineering, IBM Data Management
4100 Bohannon Drive, Menlo Park, CA 94025
Tel: +1 650-926-6921   Tie-Line: 630-6921
      "I don't suffer from insanity; I enjoy every minute of it!"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ