Corporate security

CyberSecurity Risk – The Unvarnished Truth (for Tripwire State of Security)

These are two striking recent examples which have one thing in common…risk. There is no consensus on the real level of cybersecurity risk we are living with, because data sets and ways to calculate risk vary from firm to firm.

Consider this hypothetical example by Jason Spaltro (Sony’s then executive director of information security) in a 2007 article:

A company relies on legacy systems to store and manage credit card transactions for its customers. The cost to harden the legacy database against a possible intrusion could come to $10 million, he says. The cost to notify customers in case of a breach might be $1 million. With those figures, says Spaltro, “it’s a valid business decision to accept the risk” of a security breach. “I will not invest $10 million to avoid a possible $1 million loss,”

Ari Schwartz, a privacy expert at the Center for Democracy and Technology, thought that short-sighted:
“The cost of notification is only a small part of the potential cost to a company. Damage to the corporate brand can be significant. And if the FTC rules that the company was in any way negligent, it could face multimillion-dollar fines.”
So how do you avoid the situation that Sony currently finds itself in? How do you accurately assess potential loss and the likelihood of that loss occurring to make good security decisions? The holy grail: unpicking the web of data to insure against uneconomic-to-mitigate risks and fix the rest…

If you would like to read more you can find the full article HERE
