Re: [fw-wiz] SCADA (or: How I learned to love receiving FWW in digest form)
- From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
- Date: Fri, 17 Apr 2009 18:24:52 -0400
> would Marcus' artist friend agree to a 10% or 20% increase in his
> utility bills to have "proper security" (however one defines this)?

Wait a minute!! It was properly secure BEFORE.
In fact, they had to have SPENT MONEY to make it worse.
Someone, someplace, put it into a less secure state
"to save money" or "for business reasons." What we're
seeing is that their cost/benefit analysis was wrong;
it didn't save as much as they thought (because they
did it wrong!) or, if it recouped enough on the
investment, then any additional security expense
comes out of that profit/benefit's margin.

Let me belabor that point a bit: security is often
seen as a bill that gets presented; a cost of doing
business. What they don't understand is that the
bill is just interest coming due for when they cut
some corners years ago. A break-in or disaster is
that interest, compounded.

This is one reason I am (obviously) highly skeptical
of many business justifications. They omit to take
hidden costs into account and then try to shift/blame
someone else for them later. It's very easy to see
something as a profitable and desirable activity as
long as you only look at the upside.

Marcus J. Ranum
CSO, Tenable Network Security, Inc.
firewall-wizards mailing list