[unisog] justification

Mitch Collinsworth mitch at ccmr.cornell.edu
Mon Feb 24 17:06:27 GMT 2003


> > Her conclusion though was that the really costly incidents were the
> > ones where the techies got interested in "what happened here?" and
> > spent lots of time analyzing the exploit, forensics, et al.  Secondary
> > conclusion: if you want to save $$ don't do this;  when a system is
> > cracked, wipe, reinstall, get back to business, let it go.
>
> That is a fine strategy--as long as the much maligned "techies" have no
> responsibilities either for assessing the extent of the damage, nor for
> preventing a recurrence.

This could be a flaw in the approach of the project.  When the metric
you're trying to measure is cost/incident, these factors are just sources
of extra cost.  Never mind the fact they may lead to fewer incidents
down the road, thus reducing *total cost*.

-Mitch


