
BLU Discuss list archive


On Wed, 11 Feb 2009, Dan Ritter wrote:

> I lied. It's actually worth that much to you, multiplied by the
> number of times you need it.
> If it costs your company $10,000 a day to be without this
> system, and it would happen two days a year, then you can
> justify $19,999 each year on backup systems and procedures.

Back when I was working on getting my CISSP the books had the same 

Single Loss Expectancy (SLE) * Annual rate of occurrence (ARO) = Annual 
Loss Expectancy (ALE)

Any security control that lowers your ALE by more than the cost of the 
control itself is worth implementing.  Anything else is a waste of money.

That's about the point where I realized that there was very little 
difference between upper management in a security group and an insurance 
company ;)

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
