nanog mailing list archives
Re: How to get better security people
From: batz <batsy () vapour net>
Date: Tue, 26 Mar 2002 12:56:39 -0500 (EST)
On Mon, 25 Mar 2002, Sean Donelan wrote: :Customers need to let companies know that security and responsiveness :affects their purchasing decisions. I think some companies are getting :the message. But in today's market, with tight budgets and layoffs, :security is often viewed as overhead. The mantra at the consulting firms I have had conversatons with is showing ROI for security services. I think that much of the value in security services to date has been in the anti-virus field. The reason for this is that one can easily measure and express the costs saved by being immune to a particular virus or worm, which might have cost a day or more of business. Contrasted with the number of new virus reports affecting M$ products on a daily basis, the value is pretty easy to see. It can be difficult to show the returned value of auditing acl's, or implementing an IDS infrastructure, despite the profound importance of doing so. Nimda and CodeRed were excellent indicators of how a good security policy can be a competetive edge during (increasingly common) global incidents. Hopefully we will see more security folks pressing this message, and more decision makes hearing it. :A lot of providers are lucky :if they have one network engineer who does security stuff in her spare :time. Full-fledge security departments are rare. This is where managed security services are gaining popularity. Regardless of the technical merits of assembling some COTS solutions and generating periodic reports, it can be more cost effective than hiring CCSP/GIAC/CISSP's at $60-90k USD a pop, while still operating with some reasonable level of assurance that your infrastructure is being monitored. -- batz
Current thread:
- Re: PacBell Security/Abuse contact, (continued)
- Re: PacBell Security/Abuse contact Daniel M. Spielman (Mar 25)
- Re: PacBell Security/Abuse contact Jeremy T. Bouse (Mar 25)
- Message not available
- Re: PacBell Security/Abuse contact Daniel M. Spielman (Mar 25)
- Re: PacBell Security/Abuse contact Todd Suiter (Mar 25)
- Re: PacBell Security/Abuse contact Daniel M. Spielman (Mar 25)
- Re: PacBell Security/Abuse contact Daniel M. Spielman (Mar 25)
- Re: PacBell Security/Abuse contact Walter Prue (Mar 25)
- RE: PacBell Security/Abuse contact Cheung, Rick (Mar 25)
- Re: PacBell Security/Abuse contact Jon Mansey (Mar 25)
- Re: PacBell Security/Abuse contact Patrick (Mar 25)
- RE: PacBell Security/Abuse contact Eric Whitehill (Mar 25)
- How to get better security people Sean Donelan (Mar 25)
- Re: How to get better security people batz (Mar 26)
- Re: How to get better security people E.B. Dreger (Mar 26)
- Re: PacBell Security/Abuse contact Jon Mansey (Mar 25)
- Re: PacBell Security/Abuse Contact Eric Brandwine (Mar 25)
- Re: PacBell Security/Abuse Contact Sean Donelan (Mar 25)
- RE: PacBell Security/Abuse contact Todd Suiter (Mar 25)