Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up
Security
F E A T U R E  
Control the Keys to the Kingdom

  September 2, 2002
  By Mike Fratto


>> continued from previous page

Make Your Case

TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 It's All About Risk
arrow
 A Risk-Based Policy
arrow
 Executive Summary
arrow
 Cost Factor Gotchas
arrow
 Make Your Case
arrow
 Online Only: Password Woes? Look to the User
arrow
 Epoll Results

It would be a challenge to come up with a payback analysis to justify a unified-authentication-management investment, because there isn't necessarily a direct monetary return. Rather, what you get with stronger authentication and authentication management are:

• Reduced risk that outside attackers will steal and exploit user accounts and passwords,

• Assurance that users at all levels are being properly authenticated, and

• Reduced likelihood that insiders will impersonate others to gain unauthorized access to resources.

Finally, note that a strong, enforced authentication policy provides the foundation for building access-control systems for internal and external users. If you'd like to attempt calculating the return on your security investment, try this:

(R-E) + T = ALE, R-ALE = ROSI

R =the cost per year to recover from an intrusion

E = the savings gained by stopping the intrusion

T = the cost of the intrusion detection tool

ALE = the Annual Loss Expectancy

ROSI = Return On Security Investment

A University of Idaho team developed the above equation to find a security investment ROI (see www.csds.uidaho.edu/director/costbenefit.pdf). While the formula is pretty straightforward, it's difficult to define "E," the savings gained by stopping the intrusion. To do that you need to figure out what your data is worth. Sometimes that is well known, sometimes not. Next, you need to figure out "R." Recovery costs too are difficult to nail down--they depend on your environment and your exposure to attack. Once "E" and "R" are determined, the rest is just arithmetic. This equation, when used properly, can be a compelling tool to sell security investments to upper management. For a more in depth look at risk assessment, check out "Risk Assessment Strategies".


start top   Cost Factor Gotchas Online Only: Password Woes? Look to the User 

Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

  Sponsored Links

Premium Content

Data Centers Gone Wild
February 22, 2010
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll