Post by thread:[OT] Damage estimates

On Tue, May 16, 2000 at 08:24:43AM -0400, M. Adam Davis wrote: > virus, and determine a plan of action. Here's the expensive part: While a > script can get rid of most traces of the virus, and a few filters can keep it > from spreading much more, thousands of emails have been lost/dropped, schedules > have been moved back, parts aren't on order (and they are supposed to be), etc, Quite frankly, if a company of that kind of size allows its employees to read email with Outlook Express (or any Microsoft product, for that matter) then they deserve what they get. If email is that important to the company, then it should be bulletproof. A company of that size should have at least a couple of staff devoted to risk management. It became very obvious some time ago that Outlook express is as full of holes as a Swiss cheese, and any risk manager who hadn't taken steps to prevent this kind of attack should be fired (given that there were ample precedents for it). But then maybe they don't back their data up either. -- Clyde Smith-Stubbs | HI-TECH Software Email: spam_OUTclydeTakeThisOuThtsoft.com | Phone Fax WWW: http://www.htsoft.com/ | USA: (408) 490 2885 (408) 490 2885 PGP: finger .....clydeKILLspam@spam@htsoft.com | AUS: +61 7 3355 8333 +61 7 3355 8334 --------------------------------------------------------------------------- HI-TECH C: compiling the real world.

Yeah, well unfortunately those who have this knowledge are managed by those who cut their teeth on microsoft products in business school, and they won't have it any other way. It's a vicious circle, in which everyone can say, "It's not my fault nor responsibility", and be right. -Adam Clyde Smith-Stubbs wrote: {Quote hidden}> > On Tue, May 16, 2000 at 08:24:43AM -0400, M. Adam Davis wrote: > > Quite frankly, if a company of that kind of size allows its employees to read > email with Outlook Express (or any Microsoft product, for that matter) then > they deserve what they get. If email is that important to the company, then > it should be bulletproof. > > A company of that size should have at least a couple of staff devoted to > risk management. It became very obvious some time ago that Outlook express > is as full of holes as a Swiss cheese, and any risk manager who hadn't taken > steps to prevent this kind of attack should be fired (given that there were > ample precedents for it). > > But then maybe they don't back their data up either. > > -- > Clyde Smith-Stubbs | HI-TECH Software > Email: clydeKILLspamhtsoft.com | Phone Fax > WWW: http://www.htsoft.com/ | USA: (408) 490 2885 (408) 490 2885 > PGP: finger .....clydeKILLspam.....htsoft.com | AUS: +61 7 3355 8333 +61 7 3355 8334 > --------------------------------------------------------------------------- > HI-TECH C: compiling the real world.

>Yeah, well unfortunately those who have this knowledge are managed by those who >cut their teeth on microsoft products in business school, and they won't have it >any other way. It's a vicious circle, in which everyone can say, "It's not my >fault nor responsibility", and be right. Unfortunately I think you are correct, but at least on New Zealand government department seems to think there are other routes. Try www.nzherald.co.nz/storydisplay.cfm?storyID=137266&thesection=technology& thesubsection=general

Hi, the "expected value" of the damage is the amount of the damage multiplied by its probability. Of course this calculated value is to be summed on all independent events. Thus it is worth to make countermeasures until it costs less than that expected total. On the other hand, one should take into account what is the cost of the software make possible such damages comparing with (maybe free) alternatives. It is the point of decision and IMHO the decision maker should not only justify his/her decision but also responsible for it. Regards, Imre On Tue, 16 May 2000, Clyde Smith-Stubbs wrote: {Quote hidden}> On Tue, May 16, 2000 at 08:24:43AM -0400, M. Adam Davis wrote: > > > virus, and determine a plan of action. Here's the expensive part: While a > > script can get rid of most traces of the virus, and a few filters can keep it > > from spreading much more, thousands of emails have been lost/dropped, schedules > > have been moved back, parts aren't on order (and they are supposed to be), etc, > > Quite frankly, if a company of that kind of size allows its employees to read > email with Outlook Express (or any Microsoft product, for that matter) then > they deserve what they get. If email is that important to the company, then > it should be bulletproof. > > A company of that size should have at least a couple of staff devoted to > risk management. It became very obvious some time ago that Outlook express > is as full of holes as a Swiss cheese, and any risk manager who hadn't taken > steps to prevent this kind of attack should be fired (given that there were > ample precedents for it). > > But then maybe they don't back their data up either. > > -- > Clyde Smith-Stubbs | HI-TECH Software > Email: EraseMEclydespam_OUTTakeThisOuThtsoft.com | Phone Fax > WWW: http://www.htsoft.com/ | USA: (408) 490 2885 (408) 490 2885 > PGP: finger clydespam_OUThtsoft.com | AUS: +61 7 3355 8333 +61 7 3355 8334 > --------------------------------------------------------------------------- > HI-TECH C: compiling the real world. > >