Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Security
F E A T U R E  
Control the Keys to the Kingdom

  September 2, 2002
  By Mike Fratto


>> continued from previous page

Make Your Case

TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 It's All About Risk
arrow
 A Risk-Based Policy
arrow
 Executive Summary
arrow
 Cost Factor Gotchas
arrow
 Make Your Case
arrow
 Online Only: Password Woes? Look to the User
arrow
 Epoll Results

It would be a challenge to come up with a payback analysis to justify a unified-authentication-management investment, because there isn't necessarily a direct monetary return. Rather, what you get with stronger authentication and authentication management are:

• Reduced risk that outside attackers will steal and exploit user accounts and passwords,

• Assurance that users at all levels are being properly authenticated, and

• Reduced likelihood that insiders will impersonate others to gain unauthorized access to resources.

Finally, note that a strong, enforced authentication policy provides the foundation for building access-control systems for internal and external users. If you'd like to attempt calculating the return on your security investment, try this:

(R-E) + T = ALE, R-ALE = ROSI

R =the cost per year to recover from an intrusion

E = the savings gained by stopping the intrusion

T = the cost of the intrusion detection tool

ALE = the Annual Loss Expectancy

ROSI = Return On Security Investment

A University of Idaho team developed the above equation to find a security investment ROI (see www.csds.uidaho.edu/director/costbenefit.pdf). While the formula is pretty straightforward, it's difficult to define "E," the savings gained by stopping the intrusion. To do that you need to figure out what your data is worth. Sometimes that is well known, sometimes not. Next, you need to figure out "R." Recovery costs too are difficult to nail down--they depend on your environment and your exposure to attack. Once "E" and "R" are determined, the rest is just arithmetic. This equation, when used properly, can be a compelling tool to sell security investments to upper management. For a more in depth look at risk assessment, check out "Risk Assessment Strategies".


start top   Cost Factor Gotchas Online Only: Password Woes? Look to the User 

Research and Reports

Hypervisor Derby
August 2011
Network Computing: August 2011

Video


WATCH: Box.net CEO Aaron Levie Takes On Microsoft

WATCH: HP Chairman Ray Lane: Focus On Innovation

WATCH: How OpenFlow Changes Networking


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Featured Whitepapers

Featured Reports

BlogRoll

TechWeb Careers