Re: Breach Impact Calculator

[Graham Toal <gtoal () UTPA EDU>]

> SearchSecurity.com has an interesting privacy impact 
> calculator they posted online.  You can punch some numbers in 
> and get an estimate for how much it will cost your 
> organization to recover from a breach:
>
> http://tinyurl.com/z67vc 

I don't even have to run it to know that it will give a
huge number for even the smallest breach.  All of these
cost calculators (cost of spam, cost of virtualization, etc)
err on the high side by a couple of orders of magnitude
to make some expensive thing seem worthwhile (anti-spam
appliance, vmware server, hiring a security consultant...)

Everyone has an interest it making security breaches seem
expensive.  It brings more money to your department if you
do it.  The classic case was the AT&T E911 document which
they sold for $13 that was reported as being worth $80K.

(Which is about the right rate of markup for any of these
calculators - take the answer and divide by 6000 :-)   )

G