Re: How to measure 'status' of IDS Deployment

From: Jensenne Roculan (jensenne_roculan@symantec.com)
Date: 09/23/02 

To: idsquestions@hushmail.com
From: "Jensenne Roculan" <jensenne_roculan@symantec.com>
Date: Mon, 23 Sep 2002 13:41:04 -0600

Hi there Bob,

I'd suggest checking out the following article:

Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS
http://online.securityfocus.com/infocus/1608

Jensenne Roculan
Symantec Corporation
http://www.symantec.com
(403) 213-3939 ext. 229

|---------+---------------------------->
| | idsquestions@hush|
| | mail.com |
| | |
| | 23/08/2002 10:23 |
| | AM |
| | |
|---------+---------------------------->
>--------------------------------------------------------------------------------------------------------------|
  | |
  | To: focus-ids@securityfocus.com |
  | cc: |
  | Subject: How to measure 'status' of IDS Deployment |
>--------------------------------------------------------------------------------------------------------------|

I have been tasked with comparing my IDS deployment at work to determine if
it is 'world class'/'best in class' quality'. This is rather vague as it is
hard to quantify and compare placement issues and success. I wonder how
others are approaching this? This more than 'we saw 500,000 things this
week and 100 were real things we investigated'..

How do you, perhaps as a ROI issue, justify the money spent and compare
your deployment to established(?) benchmarks?

-Bob

Get your free encrypted email at https://www.hushmail.com