home
NEWS       BLOGS       FORUMS       NEWSLETTERS       RESEARCH       EVENTS       DIGITAL LIBRARY       CAREERS  
Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers


Security
F E A T U R E  
Control the Keys to the Kingdom

  September 2, 2002
  By Mike Fratto


>> continued from previous page

Make Your Case

TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 It's All About Risk
arrow
 A Risk-Based Policy
arrow
 Executive Summary
arrow
 Cost Factor Gotchas
arrow
 Make Your Case
arrow
 Online Only: Password Woes? Look to the User
arrow
 Epoll Results

It would be a challenge to come up with a payback analysis to justify a unified-authentication-management investment, because there isn't necessarily a direct monetary return. Rather, what you get with stronger authentication and authentication management are:

• Reduced risk that outside attackers will steal and exploit user accounts and passwords,

• Assurance that users at all levels are being properly authenticated, and

• Reduced likelihood that insiders will impersonate others to gain unauthorized access to resources.

Finally, note that a strong, enforced authentication policy provides the foundation for building access-control systems for internal and external users. If you'd like to attempt calculating the return on your security investment, try this:

(R-E) + T = ALE, R-ALE = ROSI

R =the cost per year to recover from an intrusion

E = the savings gained by stopping the intrusion

T = the cost of the intrusion detection tool

ALE = the Annual Loss Expectancy

ROSI = Return On Security Investment

A University of Idaho team developed the above equation to find a security investment ROI (see www.csds.uidaho.edu/director/costbenefit.pdf). While the formula is pretty straightforward, it's difficult to define "E," the savings gained by stopping the intrusion. To do that you need to figure out what your data is worth. Sometimes that is well known, sometimes not. Next, you need to figure out "R." Recovery costs too are difficult to nail down--they depend on your environment and your exposure to attack. Once "E" and "R" are determined, the rest is just arithmetic. This equation, when used properly, can be a compelling tool to sell security investments to upper management. For a more in depth look at risk assessment, check out "Risk Assessment Strategies".


start top   Cost Factor Gotchas Online Only: Password Woes? Look to the User 





Looking for a new job?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
IT Jobs Stabilize; Tech Unemployment Rate 5.5%
The tumbling of IT jobs stopped in the second quarter, as the IT sector added about 44,000 jobs.

Oracle Execs See First Hints Of IT Spending Turnaround
It's just a glimmer, but Oracle is starting to see a bit of light at the end of the recession tunnel.

More articles from our career center










2009 IT Salary Survey: Meager Raises, Solid Prospects
Though raises are notably smaller than a year ago, and job security’s shrinking, IT careers are looking safer than many others in this economic downturn. Get all the findings in InformationWeek's 2009 IT Salary Survey. Available FREE for a limited time.
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



Techweb
Informationweek Business Technology Network
InformationweekInformationweek 500Informationweek 500 ConferenceInformationweek AnalyticsInformationweek Events
Informationweek MagazineGlobal CIOIWK Government ITbMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingPlug Into The CloudDr. DobbsContentinople
space
TechWeb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0Mobile Business ExpoNoJitter
Black HatGTECEnergy CampCloud ConnectGov 2.0 ExpoGov 2.0 Summit
space
Light Reading Communications Network
Light ReadingLight Reading AsiaUnstrungCable Digital NewsInternet EvolutionPyramid Research
Heavy ReadingLight Reading LiveLight Reading InsiderEthrnet ExpoTelco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems and TechnologyInsurance and TechnologyWall Street and TechnologyAccelerating WallstreetBST SummitBuyside Trading SummitIT Summit
space
Microsoft Technology Network
MSDNTechNetTotal IT ProTotal Dev ProNET Total Dev Pro CommunitySQL Total Dev Pro Community
space


App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2009  United Business Media LLC  |  Privacy Statement  |  Terms of Service