[526] in Intrusion Detection Systems
Advice for Risk Assessment consultant (was Re: Intrusions)
daemon@ATHENA.MIT.EDU (Dale Whiteaker-Lewis)
Thu Feb 1 00:33:42 1996
Date: Wed, 31 Jan 1996 09:09:14 -0600 (CST)
From: Dale Whiteaker-Lewis <dalewl@radian.com>
To: ids@uow.edu.au
In-Reply-To: <9601301440.AA02689@willow.c3i.saic.com>
Reply-To: ids@uow.edu.au

Speaking of risk assessment, my company is looking for qualification
statements from consultants prepared to do a thorough risk assessment of
the computing practices of an international environmental consulting
company. Does anybody have any leads to this sort of consultant or (more
importantly) recommendations for a particular consultant? Your help
would be most appreciated.

On Tue, 30 Jan 1996, Ira S. Winkler wrote:
> When you conduct a thorough risk assessment, you have to look at the threats
> and vulnerabilities by default. I tend to believe that vulnerabilities are
> more important to consider than threats, in most cases, because threats would
> be irrelevant if there are no vulnerabilities. It is true that vulnerabilities
> would be irrelevant without threats, but if you have anything of value then
> there will be a threat.
>
> The big question becomes how much money do you want to put towards
> countermeasures, which is dependent upon the value of your information and
> the value of the services dependent upon your information resources.
>
> Ira
>
> [Quoted Article Deleted]