Re: Value of IDS, ROI

From: Bob Huber (roberthuberjr_at_yahoo.com)
Date: 05/04/05

    Date: Tue, 3 May 2005 17:30:38 -0700 (PDT)
    To: focus-ids@securityfocus.com
    
    

    The easiest approach would be to quantify the cost of
    any worm outbreaks, outages, or compromises you have
    already had if you have the data handy, or guesstimate
    what the cost of an outage of one of your information
    assets would be.

    The second thing that is compelling is the fact that
    most large companies, depending on their industry,
    have legal requirements to have some form of IDS. For
    example, healthcare and insurance have HIPAA; financial
    institutions have Gramm-Leach-Bliley, FDIC, SEC, OCC,
    Sarbanes-Oxley, etc. Some of these regulations levy a
    fine for lack of controls.

    As far as a monitoring strategy, that all depends on
    the level of risk you are willing to accept and the
    value of your assets/information. Are you processing
    customer data, social security numbers, credit card
    numbers, bank accounts, or just hosting a static web
    site? There are a million factors here to contend
    with; pick up your nearest CISSP cram book.

    Supposing you have something worth protecting, at a
    minimum, you should at least look for signs of a
    compromise, rather than scans, sweeps and information
    probes. While looking at probes and reconnaissance
    is fun for an IDS geek, if you don't have time and no
    dedicated security staff, just worry about the heavy-
    hitter events and log everything else, so when you DO
    have a compromise you at least have the data available
    for review.

    This is a quick and simplistic view. I'm certain there
    are all sorts of articles on the web on such topics,
    as well as books.

    Bob
    --- Jason Patel <patel1210@yahoo.com> wrote:
    >
    >
    > I was wondering how big companies' CIOs show their
    > executives return on investment on IDS. What is the
    > monitoring strategy for IDS alerts? I am trying to
    > figure out a monitoring strategy and how to show my
    > executive how important a job this is, but can't
    > come up with a convincing solution. Any help is
    > highly appreciated.
    >
    > Thanks,
    >
    > Jason


