My ten cents: do not forget various laws and regulations, from federal like SOX and to Massachusetts 201 CMR 17.00. When it comes to authorities, impact of an audit could vary from almost nothing to very significant. Plus, legal litigations. While TJX or a bank can afford all following and will survive, small fish will die.
Mikhail A. Utin, CISSP
Information Security Analyst
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Adam Pal
Sent: Wednesday, October 05, 2011 3:24 PM
To: fire0088 (at) fmail (dot) com [email concealed]
Cc: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: financial loss estimates?
Hello Fire0088,
Personaly i consider this task being dificult up to impossible. Why?
Because companies does not like to list/share such kind of impacts as it would lead to increase the financial damage.
I use to consider 2 factors when i talk about impacts you named
bellow:
- the financial impact of the incident itself (costs for change bank accounts, exchange credit cards, inform employees, etc)
- the financial impact caused to the image of the company
The first one is calculable while the 2nd one ist not, having a good PR could save you but depending on the propagation it could be critical for your company.
--
Best regards,
Adam Pal
Wednesday, October 5, 2011, 4:05:16 AM, you wrote:
<==============Original message text===============
ffc> I'd like some of the findings I've reported to be converted into a
ffc> more manager friendly metric (there are three things a manager
ffc> focuses on: moving up the corporate ladder, pretty charts and money).
ffc> Are there industry standard rates, or case studies on the true cost
ffc> to a business for a data breach?
ffc> Specifically, i'm looking for the impact from a data breach
ffc> involving financial information (bank accounts, loan info, credit
ffc> card numbers, ect), social security numbers, and employee IDs.
ffc> Thanks
ffc> -------------------------------------------------------------------
ffc> ----- Securing Apache Web Server with thawte Digital Certificate In
ffc> this guide we examine the importance of Apache-SSL and who needs an
ffc> SSL certificate. We look at how SSL works, how it benefits your
ffc> company and how your customers can tell if a site is secure. You
ffc> will find out how to test, purchase, install and use a thawte
ffc> Digital Certificate on your Apache web server.
ffc> Throughout, best practices for set-up are highlighted to help you
ffc> ensure efficient ongoing management of your encryption keys and digital certificates.
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at http://www.commonwealthcare.org.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Mikhail A. Utin, CISSP
Information Security Analyst
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Adam Pal
Sent: Wednesday, October 05, 2011 3:24 PM
To: fire0088 (at) fmail (dot) com [email concealed]
Cc: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: financial loss estimates?
Hello Fire0088,
Personaly i consider this task being dificult up to impossible. Why?
Because companies does not like to list/share such kind of impacts as it would lead to increase the financial damage.
I use to consider 2 factors when i talk about impacts you named
bellow:
- the financial impact of the incident itself (costs for change bank accounts, exchange credit cards, inform employees, etc)
- the financial impact caused to the image of the company
The first one is calculable while the 2nd one ist not, having a good PR could save you but depending on the propagation it could be critical for your company.
--
Best regards,
Adam Pal
Wednesday, October 5, 2011, 4:05:16 AM, you wrote:
<==============Original message text===============
ffc> I'd like some of the findings I've reported to be converted into a
ffc> more manager friendly metric (there are three things a manager
ffc> focuses on: moving up the corporate ladder, pretty charts and money).
ffc> Are there industry standard rates, or case studies on the true cost
ffc> to a business for a data breach?
ffc> Specifically, i'm looking for the impact from a data breach
ffc> involving financial information (bank accounts, loan info, credit
ffc> card numbers, ect), social security numbers, and employee IDs.
ffc> Thanks
ffc> -------------------------------------------------------------------
ffc> ----- Securing Apache Web Server with thawte Digital Certificate In
ffc> this guide we examine the importance of Apache-SSL and who needs an
ffc> SSL certificate. We look at how SSL works, how it benefits your
ffc> company and how your customers can tell if a site is secure. You
ffc> will find out how to test, purchase, install and use a thawte
ffc> Digital Certificate on your Apache web server.
ffc> Throughout, best practices for set-up are highlighted to help you
ffc> ensure efficient ongoing management of your encryption keys and digital certificates.
ffc> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6
ffc> be442f727d1
ffc> -------------------------------------------------------------------
ffc> -----
<===========End of original message text===========
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at http://www.commonwealthcare.org.
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]