mitch at ccmr.cornell.edu
Mon Feb 24 17:06:27 GMT 2003
> > Her conclusion though was that the really costly incidents were the
> > ones where the techies got interested in "what happened here?" and
> > spent lots of time analyzing the exploit, forensics, et al. Secondary
> > conclusion: if you want to save $$ don't do this; when a system is
> > cracked, wipe, reinstall, get back to business, let it go.
> That is a fine strategy--as long the much maligned "techies" have no
> responsibilities either for assessing the extent of the damage, nor for
> preventing a recurrence.
This could be a flaw in the approach of the project. When the metric
you're trying to measure is cost/incident, these factors are just sources
of extra cost. Never mind the fact they may lead to fewer incidents
down the road, thus reducing *total cost*.
More information about the unisog