The information technology revolution has changed the way business is transacted, governments operate, and national defense is conducted. Protection of these systems is essential, and continuous efforts to protect them have resulted in exponential growth in reported security incidents. There are threats from hackers, spies, corporate raiders, terrorists, professional criminals, and vandals -- all of whom have a vested interest and well-defined objectives for challenging the technology for financial and political gain, leading to damage to the enterprise infrastructure.

The SLE assumes that an attack was successful. Whereas your "exposure time" seems to reduce the probability of the above from happening, if so then I think it affects the ARO rather than the EF.
Your approach seems too noisy to present to the board or IT directors. Buy-in is essential; you need a pithy version.
Even if I thought "great, sign me up, let's get started" I'd be at a loss: what would I do next?