Costs of a compromise related to the detection time

[Konrad Rieck <rieck () inf fu-berlin de>]

Hi, 

I am doing a study on Intrusion Detection Systems at the Free University
of Berlin. In order to underline the motivation for integrating an 
IDS into an existing system, I would like to add some details about 
the relation between compromise/attack detection and the resulting
costs.

e.g. 
    immediate detection     =>   xxx $ costs
    detection after an hour =>  xxxx $ costs
              after a day   => xxxxx $ costs 
              after a week  => priceless ;)

I am not sure if there are any publications describing this relation, 
but I recall a post on bugtraq that contained something similar. If
anyone on this list knows a little bit more, please let me know. 

With best Regards,
Konrad Rieck

-- 
 Konrad Rieck <rieck () inf fu-berlin de>
 http://www.inf.fu-berlin.de/~rieck