Re: Web App Sec ROI

From: <securityarchitect(at)hush.com>
Date: Sat Nov 30 2002 - 14:13:10 EST

Hmmm....maybe so for a mom and pops fish and bait shop but not for a real e-commerce site.

Here's my thinking on some of the steps that need to take place:

Investigating incident and drafting written report and recommendation
Invoking the incident response team
Reporting to senior management
Invoking corporate communications to prepare press statement
Report to FBI
Determine and recommend appropriate fix
Incident response team agree appropriate plan of action
Investigate incident (source etc)
Instigate fix
Test fix in dev
Test fix in QA
Test fix in Pre-Prod
Fix in Prod
De-Brief

And that's just off the top of my head.

The best reports I have seen that make really good reading are from GOCSI and SANS.

www.gocsi.com/press/20020407.html

says 223 companies reported $455,848,000 costs in losses.

This SANS report http://rr.sans.org/malicious/cost_code.php references some great reports that say $1 in prevention will save on average between $100 and $1000 in incidents.

On Sat, 30 Nov 2002 09:40:16 -0800 zeno <bugtraq@cgisecurity.net> wrote:
>>
>> In the same light as the Web App Sec Top Ten, does anyone know

Received on Sat Nov 30 14:16:57 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT

