Monday, 16 January 2017
Impact of security breaches
Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved. "Several computer security consulting firms produce estimates of total worldwide losses attributable to virus and worm attacks and to hostile digital acts in general. The 2003 loss estimates by these firms range from $13 billion (worms and viruses only) to $226 billion (for all forms of covert attacks). The reliability of these estimates is often challenged; the underlying methodology is basically anecdotal."
However, reasonable estimates of the financial cost of security breaches can actually help organizations make rational investment decisions. According to the classic Gordon-Loeb Model analyzing the optimal investment level in information security, one can conclude that the amount a firm spends to protect information should generally be only a small fraction of the expected loss (i.e., the expected value of the loss resulting from a cyber/information security breach).
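The Gordon-Loeb result can be checked numerically. The following is an added example, not part of the original post: it assumes the class-I breach probability function S(z, v) = v / (αz + 1)^β from Gordon and Loeb's paper, where v is the vulnerability, L the loss, and z the investment, and all parameter values are constructed. Under that assumption the optimal spend stays below 1/e (about 37%) of the expected loss v·L.

```python
import math

def breach_probability(z, v, alpha, beta):
    """Assumed class-I form: S(z, v) = v / (alpha*z + 1)**beta."""
    return v / (alpha * z + 1) ** beta

def expected_net_benefit(z, v, loss, alpha, beta):
    """ENBIS(z) = [v - S(z, v)] * L - z: reduction in expected loss minus spend."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z

def optimal_investment(v, loss, alpha, beta):
    """Solve d(ENBIS)/dz = 0 in closed form; clamp at 0 when nothing pays off."""
    z = ((v * alpha * beta * loss) ** (1.0 / (beta + 1)) - 1.0) / alpha
    return max(z, 0.0)

def max_ratio_over_grid(loss=1_000_000):
    """Largest z* / (v*L) seen over a constructed parameter grid."""
    worst = 0.0
    for v in (0.1, 0.3, 0.6, 0.9):
        for alpha in (1e-7, 1e-6, 1e-5, 1e-4, 1e-3):
            for beta in (0.5, 1, 2, 5, 20):
                z = optimal_investment(v, loss, alpha, beta)
                worst = max(worst, z / (v * loss))
    return worst

if __name__ == "__main__":
    # Constructed sample values: 60% vulnerability, 1,000,000 potential loss.
    v, loss, alpha, beta = 0.6, 1_000_000, 1e-5, 1
    z = optimal_investment(v, loss, alpha, beta)
    print(f"expected loss v*L       : {v * loss:,.0f}")
    print(f"optimal investment z*   : {z:,.0f}")
    print(f"z* as share of v*L      : {z / (v * loss):.1%}")
    print(f"net benefit at z*       : {expected_net_benefit(z, v, loss, alpha, beta):,.0f}")
    print(f"1/e bound on the share  : {1 / math.e:.1%}")
    print(f"largest share over grid : {max_ratio_over_grid():.1%}")
```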