Firewall Wizards mailing list archives
RE: The Future of Security
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 5 Dec 1999 23:30:33 -0600 (CST)
On Fri, 3 Dec 1999, Scott, Richard wrote:
-- Gary wrote:
>..<snip>...
>Now before anyone lights the flame throwers, I think it fair to say that
>there has been a lot of poor quality work done in the past, and the
>complaints come from everywhere you look. It is not focused on one industry
>segment, or about one firm doing the dirty deed etc. The problem is that
>when mediocre work is performed at the fortune 500 level, the trickle down
>effect is that we all get a black eye. So that is why I think that the
>market will force so called experts to do a better job.
>...<snip>...

I'm interested here about where you say "complaints come from everywhere you look." From "inside" (e.g: this mailing list, the Usenix Security conference, etc. - where the techies are found) - the perspective is that the "poor quality" comes from things like the InfoSec division of a brand name big accounting firm sending out an intern with a laptop loaded with ISS (or some other security scanner) to do an audit of a client. The network and system administrators at the client see this and are chuckling over their coffee or Mt. Dews about the yoo-yoo sent out to do the audit. This is the *stereotype* of poor quality from the techie viewpoint.

Do you think management - whose eyes glaze over when the techies walk into the room - also think there is rampant poor quality in the Computer Security racket? What drives their perceptions?

Yours in asking for hundreds of dollars per hour without blinking,
- Randy -

I would like to add to this thread. I think companies budget for what they know, and many huge companies do in fact ignore security. After all, why not, a web defacement here, and a defacement there, after a few days the site is back up. Since e-commerce is such an infancy in terms of market development and revenue, senior management will not consider it a money decider.

Now if we switched the roles, make e-commerce a huge market, where the annual turnover is billions and billions of pounds. An outage of a day due to a web defacement may turn heads. Lost revenues, loss in consumer confidence and more.

What I would like to see is a report on current web defacement, their impact on the site's customers, whether they refuse to go to the site again because it was insecure, or whether they use the site again, believe that the site is now secure. Also how much revenue was lost, or more so, how much of a market share did a site lose from the outage. Did customer information get downloaded, what did the clients think? Does anyone have any statistics on this?
These local stories suggest that e-commerce, though admittedly in its infancy, is already a bigger business realm than you're estimating:

http://www.startribune.com/stOnLine/cgi-bin/article?thisSlug=HUT03&date=03-Dec-1999&word=commerce&word=e

Analysts have predicted that holiday sales over the Internet will at least double to $6 billion this year. Forrester Research of Boston estimates that $4 billion of that total will occur between Thanksgiving and Christmas, and traffic was indeed heavy last weekend. According to Nielsen NetRatings, 4.6 million home surfers flooded e-commerce sites on Sunday of Thanksgiving weekend, a 30 percent increase over the preceding Wednesday.

http://www.startribune.com/stOnLine/cgi-bin/article?thisSlug=B2B06&date=06-Dec-1999&word=commerce&word=e

International Data Corp., a Massachusetts-based research firm, said buying online could save businesses up to $103 billion by 2003. Forrester Research projects the B2B e-commerce market will grow to about $1.3 trillion by 2003, up from $43 billion in 1998 and exceeding business-to-consumer commerce by nine-to-one.

Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!