Hi, Check http://www.riptech.com/newsevents/release020708.html. This organisation states that a company gets about 32 attacks a week. I believe this includes virus attacks and stuph like that, and I'm not sure these figures are accurate, but I think this is an alarming number. If only one on a hundred attacks succeeds that would mean one serious attack every three to four weeks. Maybe this will help convincing people to invest in security.
Martijn Dunnebier C-it B.V. www.c-it.nl -----Original Message----- From: Infosec Risks [mailto:[EMAIL PROTECTED]] Sent: donderdag 11 juli 2002 10:54 To: [EMAIL PROTECTED] Subject: risk evaluation & risk management Hi, I am quite new to the list but I find many of your discussions quite interesting. At the moment I am working and researching in the field of infosec risk evaluation and risk management. Can anybody help me find some useful links, papers, thesis, tools, anything useful in this field? My idea is to try prove to the IT management in a company they need to invest certain amount of money into the protection of their most valuable assets/information systems. Sometimes it is hard to evaluate the real value of information/assets processed in a company. How to quantify the risks and in the end how can be the identified risks met? The goal is to provide BS7799 compliance of the security policy but again - the most feasible. Most likely companies should not invest more money into their information security than the value of the possible loss is (in case of an incident)? Thanks for your help. BR, Sand@ __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
