IDS mailing list archives

Re: Value of IDS, ROI

From: Bob Huber <roberthuberjr () yahoo com>
Date: Tue, 3 May 2005 17:30:38 -0700 (PDT)

The easiest approach would be to quantify the cost of
any worm outbreaks, outages, or compromises you have
already had if you have the data handy, or guesstimate
what the cost of an outage of one of your information
assets would be.

The second thing that is compelling is the fact that
most large companies, depending on their industry,
have legal requirements to have some form of IDS.  For
example, healthcare, insurance have HIPAA, financial
institutions have Graham-Leach-Bliley, FDIC, SEC, OCC,
Sarbanes Oxley etc..  Some of these regulations levy a
fine for lack of controls.

As far as a monitoring strategy, that all depends on
the level of risk you are willing to accept and the
value of your assets/information.  Are you processing
customer data, social security numbers, credit card
numbers, bank accounts, or just hosting a static web
site?  There are a million factors here to contend
with, pick up your nearest CISSP cram book.

Supposing you have something worth protecting, at a
minimum, you should at least look for signs of a
compromise, rather than scans, sweeps and information
probes.  While looking at probes, and reconnaissance
is fun for an IDS geek, if you don't have time, and no
dedicated security staff, just worry about the heavy
hitter events and log everything else so when you DO
have a compromise you at least have the data available
for review.

This is a quick and simplistic view..I'm certain there
are all sorts of articles on the web on such topics,
as well as books.

Bob
--- Jason Patel <patel1210 () yahoo com> wrote:



I was wondering how big companies CIO show their
executives Return of investment on IDS. What is the
monitoring strategy for IDS alerts. I am trying to
figure monitoring strategy and how to show my
executive that how important job this is, but cant
come up with a convincing solution. Anyhelp is
highly appreciated. 

Thanks,

Jason


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

Value of IDS, ROI Jason Patel (May 03)
- RE: Value of IDS, ROI Ed Gibbs (May 03)
- Re: Value of IDS, ROI Vladimir Vuksan (May 03)
- Re: Value of IDS, ROI Bamm Visscher (May 04)
  - RE: Value of IDS, ROI Eric Hines (May 06)
    - Re: Value of IDS, ROI Bamm Visscher (May 06)
  - RE: Value of IDS, ROI Pete Lindstrom (May 06)
- <Possible follow-ups>
- Re: Value of IDS, ROI Bob Huber (May 03)
  - RE: Value of IDS, ROI Angel L Rivera (May 04)
- Re: Value of IDS, ROI Jason Patel (May 06)
- RE: Value of IDS, ROI John Forristel (SunGard-Chico) (May 06)
- Re: Value of IDS, ROI Chris Byrd (May 06)
- RE: Value of IDS, ROI Federico Lombardo (May 11)
- RE: Value of IDS, ROI THolman (May 19)
  - RE: Value of IDS, ROI Justin . Ross (May 28)
    - Re: Value of IDS, ROI Jonathan Glass (May 31)