[unisog] justification

James Davis james.davis at st-peters.oxford.ac.uk
Mon Feb 24 17:16:10 GMT 2003

> Her conclusion though was that the really costly incidents were the
> ones where the techies got interested in "what happened here?" and
> spent lots of time analyzing the exploit, forensics, et al.  Secondary
> conclusion: if you want to save $$ don't do this;  when a system is
> cracked, wipe, reinstall, get back to business, let it go.
> Not saying I fully endorse this strategy, though it's obvious how this
> conclusion can easily be reached.  Just reporting what I heard.

I've lost the original message but I was thinking about this recently. I'm
not convinced this is a valid conclusion. Is it the "techie"'s interest
that causes the expense or is it the "techie" being more interested in
investigating complex, technical and probably more expensive incidents?


James Davis           \        james.davis at st-peters.ox.ac.uk
St. Peter's College     \
PGP Key ID : 0x7E1F718A   \  http://users.ox.ac.uk/~spet1067/

More information about the unisog mailing list