Educause Security Discussion mailing list archives

Re: Cost!

From: Dewitt Latimer <dewitt () ND EDU>
Date: Wed, 16 Jun 2004 17:44:22 -0500

I did hear an interesting (but unverified fact) the other day from a security expert doing the national tour thing.  He 
said the average corporate 500 organization spends more on coffee than it does on IT Security.

-d

  ----- Original Message ----- 
  From: Lois Lehman 
  To: SECURITY () LISTSERV EDUCAUSE EDU 
  Sent: Wednesday, June 16, 2004 10:27 AM
  Subject: Re: [SECURITY] Cost!

  Those are great links!  Thanks!

  Lois Lehman

  College Network Security Manager

  Physical Sciences Computer Support Manager

  College of Liberal Arts & Sciences

  Arizona State University

  480-965-3139

  -----Original Message-----
  From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Murphy, 
James
  Sent: Wednesday, June 16, 2004 7:51 AM
  To: SECURITY () LISTSERV EDUCAUSE EDU
  Subject: Re: [SECURITY] Cost!

  Tim,

  These links are just the kinds of Iinks have been looking for!  Thanks very much!

  Jim

  James C. Murphy, MSIS, CISSP, GSEC 
  Information Security Analyst
  UNC Health Care System
  211 Friday Center Drive, Suite 2091
  Chapel Hill, NC 27517
  ph: 919.843.0358  fx: 919.966.1053
  jcmurphy () unch unc edu 

  -----Original Message-----
  From: Tim Platt [mailto:tplatt () BEADWINDOW COM]
  Sent: Wednesday, June 16, 2004 9:53 AM
  To: SECURITY () LISTSERV EDUCAUSE EDU
  Subject: Re: [SECURITY] Cost!

  Jim,

  Here are some interesting links:

  http://www.wholesecurity.com/threat/cost_of_worms.html

  http://www.securitystats.com 

  http://digitalhome.securespeed.cc/security_stats.htm 

  http://nersp.nerdc.ufl.edu/~dicke/vwsc.html  

  Tim Platt

  znq3

  -----Original Message-----
  From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Murphy, 
James
  Sent: Wednesday, June 16, 2004 9:31 AM
  To: SECURITY () LISTSERV EDUCAUSE EDU
  Subject: [SECURITY] Cost!

  Does anyone have any current or recent documentation on the cost of the *lack* of adequate information security, or 
pointers to papers that describe the cost?  I'm especially looking for the negative costs - down time or idle time 
(equating to lost work time), lost data/information, bad press or reputation damage, etc.  I know that some of these 
are difficult to specify an exact dollar amount, but I am trying to get some general ideas.  I will certainly be 
scanning websites - SANS, CERT, etc., but I would not be surprised that this community has tons of resources at its 
collective fingertips!

  Thanks in advance,

  Jim

  James C. Murphy, MSIS, CISSP, GSEC 
  Information Security Analyst
  UNC Health Care System
  211 Friday Center Drive, Suite 2091
  Chapel Hill, NC 27517
  ph: 919.843.0358  fx: 919.966.1053
  jcmurphy () unch unc edu 

  ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found 
at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion 
Group discussion list can be found at http://www.educause.edu/cg/.

  ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found 
at http://www.educause.edu/cg/.********** Participation and subscription information for this EDUCAUSE Discussion Group 
discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Cost! Murphy, James (Jun 16)
- <Possible follow-ups>
- Re: Cost! Tim Platt (Jun 16)
- Re: Cost! Murphy, James (Jun 16)
- Re: Cost! Lois Lehman (Jun 16)
- Re: Cost! Dewitt Latimer (Jun 16)
- Re: Cost! Eli Dart (Jun 16)
- Re: Cost! Professor George Davida (Jun 17)
- Re: Cost! Murphy, James (Jun 17)