Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Recent Attacks

From: andrew.c.howard () exxon com
Date: Fri, 18 Feb 2000 16:43:40 -0600
If you were doing a risk assessment on your system and deciding whether to put in a firewall, you would look at how 
much business/customers/money would be lost if you had no firewall and somebody came in and took down your system.  If 
the loss is greater than the cost of the firewall, then the firewall would go in.  If the business/customers/money is 
lost before even getting to your system, I think that loss is something that should be considered.  And, now that it 
has happened, it should be controlled/mitigated, if your risk assessment so dictates.

Further, I think it is legitimate to try and recover such losses.  With the amounts being tossed about here, no need to 
be "exact".  Let's recover only 1 billion instead of 1.2.... close is pretty good in this case.

-------- Andy Howard ------
ANDREW.C.HOWARD () EXXON COM


 
It's not (IMO) fair to try to charge for potential lost customers.
There's no way to tell exactly how much business would have been done,
whether the customers came back later to buy the same item, etc..
Previous By Date Next
Previous By Thread Next

Current thread: