FW: [logs] hack attempts && price


Subject: RE: [logs] hack attempts && price


Well, as a consultant I take this approach:

identify risk (e.g. e-commerce site that brings $10M yearly => 1 day
downtime = $300K => 1 hour downtime = $10K)
cover risk by realtime log auditing.. (costs e.g. $7K daily)

profit=> risk value*risk probability - countermeasure=$40K monthly







-----Original Message-----
Subject: Re: [logs] hack attempts && price


On Fri, Feb 15, 2002 at 10:52:13AM -0300, Gonzalo Garcia wrote:
> I don't know if this is off topic; if it is, let me know.
>
> Due to the results of log analysis ( DCs, IDS, syslog, etc, etc, etc ) I'm
> able to identify many "hack attempts" using exploits, viruses, trojans, port
> scans, and many other things that are in the wild.
>
> Because these tasks require capital goods, manpower, bla bla ... these
> costs are charged to my department, so I'm trying to find a theory ( economic
> or not ), a way to assign a price to every "hack attempt" identified with the
> help of the log analysis.
	As a rough sketch, try calculating the total cost of
employing the staff necessary to respond to the incidents, and the
corresponding hardware/software costs, and then prorate based on the
amount of time the average incident takes to deal with.  Say that you
have a 3-person IRT, with each analyst being paid $50k annually.  Normal
HR calculations say that overhead for a given employee is between 15%
and 30% of salary, so you can ballpark the total effective cost of
employing those folks at around $180k/yr.  Add to that a prorated cost
of equipment--maybe $5000 worth of hardware and software per analyst,
prorated over 5 years (probably too long, but I believe that's the
current rate that the US IRS uses for depreciation), which works
out to around $3000 per year of extra overhead.  Then add in an
appropriate portion of general network overhead costs and any specific
servers used for archiving forensic data, etc.; assuming 6000
person/hours per year of available analyst time, and an average of a
half-hour to deal with a given incident, you are looking at around
$16 per incident.  There are all sorts of other factors that could be
folded in, but that's the basic methodology I would use.

	-- Sweth.

