Report

February 2002

IT Security Fails -- Now What?

Laura Koetzle 		All information technology security can be broken, but effective response to incidents will limit damage. Firms must collect data to build cases for incident response, follow known best practices, and look outside for help.

INTERVIEWS
  • 60% of firms don't know what security incidents cost them.
  • Without funding, IT staff assemble ad hoc response teams.
ANALYSIS
  • Experts discovered 30 new vulnerabilities per week in 2001.
  • Firms must collect hard data to break incident response's vicious cycle of underfunding.
  • Firms can build effective incident response for just $98,000.
ACTION
  • Consultants must partner with cyber-risk insurers.
WHAT IT MEANS
  • Security personnel's marriages founder.
 
Figures & Data
  • Figure 1.  System Outages Cause Serious Business Disruptions
  • Figure 2.  Firms Can't Quantify Incident Response Costs
  • Figure 3.  Few Firms Budget For Incident Response
  • Figure 4.  Incident Response Teams Are Internal, Ad Hoc, And IT-Centric
  • Figure 5.  Model: Collecting Incident Response Data
  • Figure 6.  The Virtuous Cycle Of Incident Response
  • Figure 7.  Model: The Cost Of Incident Response
   
RELATED MATERIAL 
  • Online Resources
  • Companies Interviewed For This Report
  • Related Research
 
GRAPEVINE
  • Asia gives good SIs a bad name.
  • There will be no credit for "The dog ate my password."
  • Geeks in love.
  • OK, that's just creepy.

 

Find Documents In Related Categories

This document falls under the following categories. Click on a link below to find similar documents.

 
Analyst: Laura Koetzle
Special Feature: Models
Document Type: Report

Special Features

2 Models

Manipulable market sizing or cost spreadsheets

corner border corner
Ratings and Comments
NOT YET RATED
corner border corner