[84394] in North American Network Operators' Group
Re: DHS Cyber Security Investment Study
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Sep 12 15:11:46 2005
To: "Rowe, Brent" <browe@rti.org>
Cc: nanog@nanog.org
In-Reply-To: Your message of "Mon, 12 Sep 2005 13:39:56 EDT."
<6EBC78C86C29984EB03E79FD874D9E1C010ADB39@rtpwexc05.RCC_NT.RTI.ORG>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 12 Sep 2005 15:11:16 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1126552276_2852P
Content-Type: text/plain; charset=us-ascii
On Mon, 12 Sep 2005 13:39:56 EDT, "Rowe, Brent" said:
> clear that I are not interested in learning the makeup of your IT
> infrastructure, the IT policies and procedures your organization
> employs, the number of breaches you have each year, or any other
> sensitive information related to your organization's IT security.
> Instead, I am interested in discussing the information you use to decide
> how much to spend on various IT security-related activities and what
> information you are collecting (and using) from your IT system
> operations.
Any attempt at trying to analyze information about budget allocations
without at least some understanding of the IT policies is probably doomed
to failure. At least in our shop, there are things we track in a very
anal-retentive fashion, and information we don't bother collecting, *because*
our policies say the first is important and the second one is ignorable.
For instance, if I told you how many hundreds of dollars we spent on perimeter
firewalls last year, you'd be totally dazed and confused unless you understood
our thinking regarding perimeter firewalls. (And yes, "hundreds" is the right
units, and yes, we know what we're doing, and no, I don't want to hear how
we're nuts. It works *in our environment, YMMV...:)
--==_Exmh_1126552276_2852P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFDJdLUcC3lWbTT17ARAkCbAJ9bHtzcHseVikME6qlT01wj1DThxwCfaPfj
LoDqzi/N7YkgmPU6Ci7Zeo4=
=x2Ic
-----END PGP SIGNATURE-----
--==_Exmh_1126552276_2852P--
