RE: How does and IDS help to save money??

From: McCammon, Keith (Keith.McCammon@eadvancemed.com)
Date: 04/15/02


Date: Mon, 15 Apr 2002 16:57:26 -0400
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
To: "Bryan Burns" <bburns@onesecure.com>, "Shripal Meghani" <maegabyte@yahoo.com>, <focus-ids@securityfocus.com>


--------------
This is based on the assumption that the IDS actually stops the threats,
which isn't always the case. An IDS can only stop attacks if it's
manned by
a full-time security expert who can react instantaneously and
appropriately
to all incidents. If such a person even existed, she would cost a lot
more
than your IDS software..
--------------

Sorry that I wasn't clear. I should have been less specific, in
retrospect.

Anyway, I was trying to get him to see the big picture, and realize that
the safeguard itself was actually irrelevant to the questions that he
was asking. If he wants to convince management of anything, he needs to
assign value to his assets, and then look at the operating cost of all
of the available safeguards in comparison. He may be able to justify
nothing more than a simple firewall, or he may be able to justify a
full-blown firewall/IDS/integrity solution. But when you're talking to
management about security, you're talking about acceptable risk. And
management isn't going to spend $20K to protect something that's worth
$2K.