> "It's ok we're behind a firewall" Well, depending on the issue, that may be a valid answer, particularly when qualified w/ other security mechanisms.
> 1. Still a large majority of computer crime (data theft > damage etc) is caused by people who have access to > internal systems ... is there anywhere that I can get > facts and figures to support this? The CSI/FBI survey usually says this...but I'm not really convinced. Take into account the method of information gathering...it's a survey, rather than data collected from actual cases. Looking at the spate of worms that have far-reaching success (CR, Nimda, Slammer) one has to really look hard at the respondant's capability to accurately detect and then resolve security incidents. However, the numbers are there, if you need them. > 3. Firewalls can be breached or misconfigured ... Most folks in the security arena understand this. And, of course, it's proven time and again. > 4. Firewalls can be bypassed - You're correct. That's why there needs to be a layered approach to security. I work for a small company, and we have A/V on the email server, as well as the desktops. > Are there any sites out there with the facts and > figures about internal exploits and cautionary tales > about disgruntled employees or IT savvy nighttime > cleaners? If you're able to find anything, please post it in the lists. Most of what I've seen so far has been anecdotal at best. Unfortunately those kinds of specifics just don't seem to be made public...for more reasons than I'd like to go into. __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/