Firewall Wizards mailing list archives

Re: concerning ~el8 / project mayhem


From: Dave Piscitello <dave () corecom com>
Date: Mon, 19 Aug 2002 12:55:14 -0400

I don't get this.

If I showed my client that they'd been victim to 25 vulnerabilities, and the cumulative cost of the exploits was $6.4M, I'd get his attention fast.

I think the point you might make is that it's comforting for a client who has no security clue to see a large report showing all the many problems his company had *before* you audited its network, and then showing that same client a very much smaller list showing the results of your tireless effort to eliminate the vulnerabilities through patching and re-configuration.

"It was dangerous and now it's safe" is much easier for a 3rd party to sell than it is for a security insider to sell "The reason we haven't had an incident in the past 6 months is because we've used our copious security budget to keep the network safe."

At 03:13 AM 8/18/2002 -0400, Paul D Robertson wrote:
> Showing that there were 2,500 new vulnerabilities last year gets people budgets
> for security, showing 25 of them actually being used doesn't.


David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
