 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, 11 Feb 2009, Dan Ritter wrote: > I lied. It's actually worth that much to you, multiplied by the > number of times you need it. > > If it costs your company $10,000 a day to be without this > system, and it would happen two days a year, then you can > justify $19,999 each year on backup systems and procedures. Back when I was working on getting my CISSP the books had the same equation. Single Loss Expectancy (SLE) * Annual rate of occurance (ARO) = Annual Loss Expectancy (ALE) Any security control that lowers your ALE by more than the cost of the control itself is worth implementing. Anything else is a waste of money. That's about the point where I realized that there was very little difference between upper management in a security group and an insurance company ;)
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
