Open Source and information security mailing list archives
 
From: alerta at redsegura.com (Alerta Redsegura)
Subject: Learn from history?

Ng, Kenneth (US) wrote:

> You're missing an important element: what are the odds of the event
> happening?

When we talk about risk, we are already taking into account the odds of the
event happening:

R = E x p

Where:

R = Risk
E = event
p = probability of the event happening



> Lots of places refuse to act until an actual worm that
> is trashing businesses shows up in their trade publication
> (in other words, full-disclosure and slashdot.org don't count).
> Trouble is, with the speed of today's worms, by the time it shows
> up on cnn.com, it's too late.

Unfortunately, yes.





Iñigo Koch
Red Segura



>> -----Original Message-----
>> From: full-disclosure-admin@...ts.netsys.com
>> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Alerta
>> Redsegura
>> Sent: Thursday, May 06, 2004 11:08 AM
>> To: Full-Disclosure
>> Subject: RE: [Full-Disclosure] Learn from history?
>> The first thing to determine with the company management is: What
>> happens to the company if their network is down 1h? 2h? One day?
>> One week?  How much money does that represent?  If data is lost,
>> how much does it cost to re-build it (resources, time spent, etc.)?
>>
>> If you clearly assess the risks and come up with a solution showing an
>> adequate cost-benefit ratio and you compare it to the possible losses,
>> chances are that management will approve your proposal, regardless of the
>> company size (from SMB to Fortune-100).
>>
>>
>>
>>
>>
>> Iñigo Koch
>> Red Segura
>>

