Re: Costs of a compromise related to the detection time

[Scott Wimer <scottw () cylant com>]

A group at the University of Idaho in Moscow, Idaho has done some work 
in this direction.  Here's a link to their paper on this.


http://www.csds.uidaho.edu/director/costbenefit.pdf

Konrad Rieck wrote:
> Hi, 
>
> I am doing a study on Intrusion Detection Systems at the Free University
> of Berlin. In order to underline the motivation for integrating an 
> IDS into an existing system, I would like to add some details about 
> the relation between compromise/attack detection and the resulting
> costs.
>
> e.g. 
>     immediate detection     =>   xxx $ costs
>     detection after an hour =>  xxxx $ costs
>               after a day   => xxxxx $ costs 
>               after a week  => priceless ;)
>
> I am not sure if there are any publications describing this relation, 
> but I recall a post on bugtraq that contained something similar. If
> anyone on this list knows a little bit more, please let me know. 
>
> With best Regards,
> Konrad Rieck

--
Scott M. Wimer, CTO                      Cylant
www.cylant.com                           121 Sweet Ave.
v. (208) 883-4892                        Suite 123
c. (208) 850-4454                        Moscow, ID 83843
There is no Security without Control.