Security Basics mailing list archives

RE: financial loss estimates?

From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Wed, 5 Oct 2011 15:54:57 -0400

My ten cents: do not forget various laws and regulations, from federal like SOX and to Massachusetts 201 CMR 17.00. 
When it comes to authorities, impact of an audit could vary from almost nothing to very significant. Plus, legal 
litigations. While TJX or a bank can afford all following and will survive, small fish will die.

Mikhail A. Utin, CISSP
Information Security Analyst

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adam Pal
Sent: Wednesday, October 05, 2011 3:24 PM
To: fire0088 () fmail com
Cc: security-basics () securityfocus com
Subject: Re: financial loss estimates?

Hello Fire0088,


Personaly i consider this task being dificult up to impossible. Why?
Because companies does not like to list/share such kind of impacts as it would lead to increase the financial damage.
I use to consider 2 factors when i talk about impacts you named
bellow:
- the financial impact of the incident itself (costs for change bank accounts, exchange credit cards, inform employees, 
etc)
- the financial impact caused to the image of the company

The first one is calculable while the 2nd one ist not, having a good PR could save you but depending on the propagation 
it could be critical for your company.


--
Best regards,
 Adam Pal   

Wednesday, October 5, 2011, 4:05:16 AM, you wrote:

<==============Original message text===============
ffc> I'd like some of the findings I've reported to be converted into a 
ffc> more manager friendly metric (there are three things a manager 
ffc> focuses on: moving up the corporate ladder, pretty charts and money).

ffc> Are there industry standard rates, or case studies on the true cost 
ffc> to a business for a data breach?

ffc> Specifically, i'm looking for the impact from a data breach 
ffc> involving financial information (bank accounts, loan info, credit 
ffc> card numbers, ect), social security numbers, and employee IDs.

ffc> Thanks

ffc> -------------------------------------------------------------------
ffc> ----- Securing Apache Web Server with thawte Digital Certificate In 
ffc> this guide we examine the importance of Apache-SSL and who needs an 
ffc> SSL certificate.  We look at how SSL works, how it benefits your 
ffc> company and how your customers can tell if a site is secure. You 
ffc> will find out how to test, purchase, install and use a thawte 
ffc> Digital Certificate on your Apache web server.
ffc> Throughout, best practices for set-up are highlighted to help you 
ffc> ensure efficient ongoing management of your encryption keys and digital certificates.

ffc> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6
ffc> be442f727d1
ffc> -------------------------------------------------------------------
ffc> -----


<===========End of original message text===========



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

financial loss estimates? fire0088 (Oct 05)
- RE: financial loss estimates? Michael_Campeau (Oct 05)
- Re: financial loss estimates? Adam Pal (Oct 05)
  - RE: financial loss estimates? Mikhail A. Utin (Oct 05)
    - Re: financial loss estimates? Jeffrey Walton (Oct 05)
- Re: financial loss estimates? Michal Zalewski (Oct 05)
- Re: financial loss estimates? Jeffrey Walton (Oct 11)