Re: Statistics

From: Alessandro Bottonelli (abottonelli_at_libero.it)
Date: 11/25/03

    To: "Jack Solomon" <solzjack43@hotmail.com>, security-basics@securityfocus.com
    Date: Tue, 25 Nov 2003 13:22:08 +0100
    
    

    On Monday 24 November 2003 16:57, Jack Solomon wrote:
    > I often hear statistics bandied around like 85% of attacks are internal.
    > Can anyone point to a reliable/quotable source of stats?
    >
    82% Internal (of which 55% accidental) are quoted from research (not
    public) by either Ernst&Young or Datapro -- can't remember right now which one.

    > I'd like to prove
    > to my cynical management that we are not safe behind the corporate
    > firewall...
    >
    Beware! You are right, but this issue is highly political, management
    don't like to be told they cannot trust their employees. Make sure YOU know
    how to state this.

    > Also, I'd be interested in stats on amount of money lost
    >
    Hmmm. When it comes to money things are even worse. Insiders have more
    opportunity, means and motive to hit you hard. In a research paper of mine (I
    found no one here in Italy available to publish it... wonder why) I made
    this consideration (which is by no means a statistic):

    -1- SQLWORM hits the Italian Post Office. Zero insiders, an unaccounted number
    of outsiders: estimated damage 150,000 Euros

    -2- CREDIT CARD CLONING in an Italian (Tuscany) Bank. One insider, five
    outsiders: measured damage 1,000,000 Euros

    -3- INS OUTSOURCER DESTROYS (willingly) some thousands of documents (in order to
    look good on their SLA...). Three insiders, zero outsiders: assessed damage
    250,000,000 dollars (the value of the 5-year contract with INS).

    Be careful when (if) using this with your management, as we say in Italy:
    "wrap it with plenty of vaseline grease ..." <grin>

    -- 
    Alessandro Bottonelli
    CISSP, BS7799 Lead Auditor
    www.axis-net.it