[Full-Disclosure] Re: ROSI

From: Jonathan Leffler (jleffler_at_us.ibm.com)
Date: 04/08/04

    To: full-disclosure@lists.netsys.com
    Date: Thu, 8 Apr 2004 10:16:25 -0700
    
    

    "Curt Purdy" <purdy@tecman.com> wrote:
    > ROSI [...] Annual Loss Expectancy (ALE) was figured. ALE is an attack's damage
    > multiplied by frequency.
    >
    > Determining cost-benefit
    >
    > (R-E) + T = ALE
    > R-ALE = ROSI
    >
    > R = the cost per year to recover from an intrusion
    > E = the savings gained by stopping the intrusion
    > T = the cost of the intrusion detection tool
    > ALE = the Annual Loss Expectancy
    > ROSI = Return On Security Investment

    That formula appears to reduce to ROSI = E - T, though the units of the terms
    in the equations (dimensional analysis) make me suspicious that the formula is
    incomplete or the definitions of the terms are too loose (R in $/y; E in $; T
    in $, ALE in $/y; ROSI units unclear).

    > www.csds.uidaho.edu/director/costbenefit.pdf

    That URL does not appear to be working this morning.

    --
    Jonathan Leffler (jleffler@us.ibm.com)
    STSM, Informix Database Engineering, IBM Data Management
    4100 Bohannon Drive, Menlo Park, CA 94025
    Tel: +1 650-926-6921   Tie-Line: 630-6921
          "I don't suffer from insanity; I enjoy every minute of it!"
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
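
The dimensional-analysis objection in the reply above, worked through as an added example that is not part of the original message or of the quoted paper. The `Qty` helper, the dollar figures and the 3-year amortization of T are constructed assumptions; only the two formulas and the unit readings (R in $/y, E in $, T in $) come from the thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Qty:
    """A number tagged with its unit: "$" (one-off) or "$/y" (per year)."""
    value: float
    unit: str

    def _combine(self, other, sign):
        # Adding or subtracting is only meaningful between like units.
        if self.unit != other.unit:
            raise TypeError(f"unit mismatch: {self.unit} vs {other.unit}")
        return Qty(self.value + sign * other.value, self.unit)

    def __add__(self, other):
        return self._combine(other, +1)

    def __sub__(self, other):
        return self._combine(other, -1)

    def per_year(self, years):
        """Spread a one-off $ amount over a number of years, giving $/y."""
        if self.unit != "$":
            raise TypeError(f"cannot annualize {self.unit}")
        return Qty(self.value / years, "$/y")


def rosi(R, E, T):
    """The quoted formulas: ALE = (R - E) + T, then ROSI = R - ALE."""
    ale = (R - E) + T
    return R - ale


def rosi_as_stated():
    """Units as read in the reply: R in $/y, E in $, T in $ (constructed values)."""
    try:
        return rosi(Qty(100_000, "$/y"), Qty(60_000, "$"), Qty(30_000, "$"))
    except TypeError as exc:
        return str(exc)


def rosi_annualized(R_value=100_000):
    """Assumption: E is per year and T is amortized over 3 years."""
    R = Qty(R_value, "$/y")
    E = Qty(60_000, "$/y")
    T = Qty(30_000, "$").per_year(3)
    return rosi(R, E, T)  # R cancels, leaving E - T in $/y
```

With the units as stated the very first subtraction (R - E) is rejected; once every term is expressed per year the result is E - T regardless of the value chosen for R.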
    
