[516] in Intrusion Detection Systems
Re: Intrusions
daemon@ATHENA.MIT.EDU (Ira S. Winkler)
Tue Jan 30 22:15:07 1996
Date: Tue, 30 Jan 96 09:40:33 EST
From: winkler@c3i.saic.com (Ira S. Winkler)
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
When you conduct a thorough risk assessment, you have to look at the threats
and vulnerabilities by default. I tend to believe that vulnerabilities are
more important to consider than threats, in most cases, because threats would
be irrelevant if there are no vulnerabilities. It is true that vulnerabilities
would be irrelevant without threats, but if you have anything of value than
there will be a threat.
The big question becomes how much money do you want to put towards
countermeasures, which is dependent upon the value of your information and
the value of the services dependent upon your information resources.
Ira
[Quoted Article Deleted]
