Firewall Wizards mailing list archives

RE: The Future of Security


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 5 Dec 1999 23:30:33 -0600 (CST)

On Fri, 3 Dec 1999, Scott, Richard wrote:


      --  Gary wrote:
      >..<snip>...
      >Now before anyone lights the flame throwers, I think it fair to say that
      >there has been a lot of poor quality work done in the past, and the
      >complaints come from everywhere you look.  It is not focused on one industry
      >segment, or about one firm doing the dirty deed etc.  The problem is that
      >when mediocre work is performed at the Fortune 500 level, the trickle down
      >effect is that we all get a black eye.  So that is why I think that the
      >market will force so-called experts to do a better job.
      >...<snip>...

        I'm interested here about where you say "complaints come from everywhere
      you look."
        From "inside" (e.g: this mailing list, the Usenix Security conference,
      etc. - where the techies are found) - the perspective is that the "poor
      quality" comes from things like the InfoSec division of a brand name big
      accounting firm sending out an intern with a laptop loaded with ISS (or
      some other security scanner) to do an audit of a client.  The network
      and system administrators at the client see this and are chuckling
      over their coffee or Mt. Dews about the yoo-yoo sent out to do the audit.
      This is the *stereotype* of poor quality from the techie viewpoint.
        Do you think management - whose eyes glaze over when the techies walk
      into the room - also think there is rampant poor quality in the Computer
      Security racket ?  What drives their perceptions ?

        Yours in asking for hundreds of dollars per hour without blinking,

        - Randy
       -

      I would like to add to this thread.  I think companies budget for
      what they know, and many huge companies do in fact ignore security.  After
      all, why not, a web defacement here, and a defacement there, after a few
      days the site is back up.  Since e-commerce is in such an infancy in terms
      of market development and revenue, senior management will not consider it a
      money decider.  Now if we switched the roles, make e-commerce a huge market,
      where the annual turnover is billions and billions of pounds.  An outage of
      a day due to a web defacement may turn heads.  Lost revenues, loss in
      consumer confidence and more.  What I would like to see is a report on
      current web defacements, their impact on the sites' customers, whether they
      refuse to go to the site again because it was insecure, or whether they use
      the site again, believing that the site is now secure. Also how much revenue
      was lost, or more so, how much of a market share did a site lose from the
      outage.  Did customer information get downloaded, what did the clients
      think?

      Does anyone have any statistics on this?


These local stories suggest that e-commerce, though admittedly in its
infancy, is already a bigger business realm than you're estimating:

http://www.startribune.com/stOnLine/cgi-bin/article?thisSlug=HUT03&date=03-Dec-1999&word=commerce&word=e

Analysts have predicted that holiday sales over the Internet will
at least double to $6 billion this year.  Forrester Research of
Boston estimates that $4 billion of that total will occur between
Thanksgiving and Christmas, and traffic was indeed heavy last
weekend. According to Nielsen NetRatings,
4.6 million home surfers flooded e-commerce sites on Sunday
of Thanksgiving weekend, a 30 percent increase over the
preceding Wednesday.

http://www.startribune.com/stOnLine/cgi-bin/article?thisSlug=B2B06&date=06-Dec-1999&word=commerce&word=e

International Data Corp., a Massachusetts-based research firm,
said buying online could save businesses up to $103 billion by
2003. Forrester Research projects the B2B e-commerce
market will grow to about $1.3 trillion by 2003, up from $43
billion in 1998 and exceeding business-to-consumer commerce
by nine-to-one.


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



