Business

Business

Sorted By Creation Time

Cost of Downtime

Contact:http://www.packetnexus.com

When faced with a small business client who doesn’t understand why the
Server Status Tool is a "must have", I usually discuss a simple formula.


What is the client’s annual net income? ___________

How many business days is the client open each year? (usually about 250)
_____

How many hours are in a typical business day? (usually about 8) ______
So the daily cost of downtime = A/B and

The hourly cost of downtime = A/(BxC)

For a small business client with just US$1M in annual net income, downtime
costs about US$4,000 a business day or US$500 per business hour.


Electronic mail (email) systems are critical to supporting collaboration
throughout an enterprise. As one of the most popular platforms today,
Microsoft Exchange Server continues to be deployed to support growing email
communities, with users easily numbering in the 1000's. So, what happens
when Exchange email systems go down? You lose collaboration. You lose
productivity. And, in most cases, you lose money (a noted industry analyst
has pegged losses associated with messaging systems outages at up to $1,000
per minute).


Back to the Index

Internet Time

Contact:http://www.packetnexus.com

Internet time?  What is it?

I have really no idea but I'll take a stab at it.  It boils down to things
happen faster on Internet time.

First let's look at typical work hours. 8 hours a day, 40 hours a week, 160
hours a month.  Let's assume Internet time is 24 hours a day, so 3 Internet
days occur every regular day. So for every regular week 15 internet days
occur.  But, Internet time occurs on the weekend so factor in 6 more days.
So in one week 21 internet days pass.  In one month 84 internet days pass.
See where this is going?  An Internet year only takes 121 days to occur.  So
3 Internet years pass during the course of one regular year.  Does that
bother anyone?  Who is getting paid for all that time?  Not me!  With this
time scale it isn't a big stretch for IT pros to get a raise every 4 months!

Now, this theory may be flawed.  But running 24x7 and serving customers
seems to be important these days.  People don't seem interested in paying
for that kind of service, UNTIL something happens that makes it clear that
they have to.

Here is formula I found for calculating the cost of downtime.

What is the client’s annual net income?  _____ = A
How many business days is the client open each year? (usually about 250)
_____ = B
How many hours are in a typical business day? (usually about 8) _____ = C

So the daily cost of downtime = A/B and
The hourly cost of downtime = A/(BxC)

For a small business client with just US$1M in annual net income, downtime
costs about US$4,000 a business day or US$500 per business hour.  500 bucks
an hour!!!!  I get paid what?

I have seen studies that estimate the cost of email being down at $1000 an
hour.  Now how much is my job worth?  If I keep that server up 24 hours a
day for 1 Internet year?  $121,000 for a third of a regular year!!!!  And I
get paid what? Ok, so that is 24x7 for 4 months.  Do the math for the year.
All of the sudden these IT guys hold the companies balls in their hands.

Stop and think for a minute.  What is the first thing a new employee gets
their first day on the job.  HR paperwork....NO!  A friggin' computer.  Why?
Because everything that employee does revolves around that piece of
equipment.  Can't get email, can't work.  Can't surf the web, can't work.
Can't get into Microsoft Word, can't work.  Can't check the stock
market.....whatever.  Does anyone see the pattern?  The IT guy is key to the
whole business process.  Do this.  Take the internet connection down for 15
minutes at work.  How many people start roaming the halls asking if there is
a problem.  Is the internet connection the key to doing work?  Every time
the network is down, a crowd gathers. Why?  BECAUSE THEIR FREAKING JOB
REVOLVES AROUND IT!!!!!  But, is IT treated like the company revolves around
it?  In 90% of the companies....NO!  I still don't get why, but I guarantee
that the companies that don't realize that IT is what will make or break the
company are going to fail.  And they will fail miserably.  Why, because they
didn't pay the IT guy enough to keep him.  They chose to settle for the
cheaper solution and that guy doesn't even know what a T-1 is.  This turned
into a huge vent, but whatever.  Maybe someone will read this and make their
company a big success because they made the IT staff happy and realized the
important role they played.

Do you realize you wasted 15 Internet minutes reading this!!!!!?!?!?!?!  -j


Back to the Index

Risk Management

Contact:http://www.packetnexus.com

Some Methodologies For Risk Assessment


Failure Mode and Effects Analysis: Examines each potential failure condition
in a system to determine the severity of the impact to the system.

HAZOP (Hazard and Operability): Examines process and engineering intentions
to assess the potential hazards that can arise from deviations from design
specifications.

Historical Analysis: Examines frequency of past incidents to determine the
probability of a condition recurring.

Human-Error Analysis: Examines the possible impact of human intervention and
error on a system.

Probabilistic Risk Assessment: Examines the probability that a combination
of events will lead to a particular condition.

Tree Analysis: A family of analysis methods, such as event tree, attack
tree, management-oversight tree and fault tree, that focuses on processes or
a sequence of events that may lead to a particular condition.


Back to the Index

Business Advice

Contact:http://www.packetnexus.com

Its 1% inspiration, 99% persperation.
Actually, that is optimistic, its more like .0001% inspiration.

In fact, as a practical matter, many discoveries are small leaps,
innovations based on well known stuff, sometimes combining it in previously
unknown ways.

Its worth talking about a company here like California Cooler -- that
company was founded by two guys who liked to mix wine and juice for their
volleyball games on the beach. They invested $10,000, and within three years
they grossed $200 million. See, everyone thinks it is the high tech
companies that make money, but in reality, nearly any business can.

My favorite thing is to read from Kaplan "An Empire Wilderness" about the
changing demographics. Think about how the US is changing -- we are becoming
a hispanic/asian country, blacks are getting squeezed out and whites are
losing their majority status. Most of that will happen within the student's
lifetime. And you think the 20th century was a ride!

So, practical advice:

1. You get wealthy by accumulating wealth throughout your lifetime. There is
no substitute for getting a degree, marrying someone with a degree, and
living on 75% of your income.

2. You can't ever stop learning. You might think book reports are drudgery,
but you would be surprised how often in the real world you have to write
book reports.

3. Life isn't fair. People make vastly different salaries, often outside of
their control. So control what you can, take pride in what you do, and plan
plan plan for your own future.


Ooh, Felon, you're a tough one. We haven't met before, but rest assured I'm
qualified for the task. But rather than share my narrow perspective, I'd
like to incorporate the thoughts of many. The difference between being an
entrepreneur and being a successful entreprenuer? The ability to seek the
input of others. (learned that the hard way, BTW).



My suggestions:
- Besides being the only way to get truly wealthy, being an entrepreneur is
also a great way to go dead broke.
- The fundamental skills they are getting now are crucial to being a success
later. PAY ATTENTION in class, never hesitate to ask a genuine question, and
constantly request that the teachers show how what they are teaching relates
to real-world situations - even if it is just to help abstract thinking.
- Learn to recognize opportunity, and differentiate it from "get rich
quick." When something isn't working well, do you have a better way? Do you
look at problems as a way of making money by providing the solution?
- Learn to boil problems down to their essential elements, not get bogged
down in flash, noise and distractions. Learn to see through the BS.
- 3 part secret of life
1. Everyone can do something really well. Being in school is the best
opportunity to find out what that is that they'll EVER have. Don't waste it.
2. The lucky ones not only find that thing, but find that they really LIKE
doing that thing. In other words, it isn't much use being good at something
you are bored by or just hate doing. Find what you love to do, and think is
really cool. Explore that as much as possible in and out of school.
3. The REALLY lucky ones get to do something they love and they're really
good at, AND get a lot of money for doing it. Musicians, for example, are
kind of entrepreneurs, in that they may write, perform and sell their music.
Or, get by, muddle through, punch in and out each day for the rest of your
life and wonder where you went wrong...


SWF, being an entrepenuer my self, just tell them the two kinds of magicians
(people).
Those who turn shit into money, and those who turn money into shit.

You can realistically expect to make 100k a year if you are only workin



FW: [logs] hack attempts && price

Home: www.packetnexus.com

Subject: RE: [logs] hack attempts && price


well as a consultant I do this aproach:

identify risk (fx. e-commerce site that brings $10M yearly=>1 day
downtime=$300K=>1 hour downtime=$10K)
cover risk by realtime log auditing.. (costs fx $7K daily)

profit=> risk value*risk probability - countermeasure=$40K monthly







-----Original Message-----
Subject: Re: [logs] hack attempts && price


On Fri, Feb 15, 2002 at 10:52:13AM -0300, Gonzalo Garcia wrote:
> I don´t known if this is off topic, if it is let me know.
>
> Due to the result of log analisis ( DCs, IDS, syslog, etc, etc, etc ) I'm
> able to identify many "hack attemps" using exploits, virus, trojans, ports
> scannings, and many other stuffs that are in the wild.
>
> Because this tasks requires capital goods, manpower, bla bla ... this
costs
> are charged to my department, so I trying to find a theory ( economic or
not
> ), way to assign a price to every "hack attempt" identified with the help
of
> the log analisis.
	As a rough sketch, try calculating the total cost of
employing the staff necessary to respond to the incidents, and the
corresponding hardware/software costs, and then prorate based on the
amount of time the average indicent takes to deal with.  Say that you
have a 3-person IRT, with each analyst being paid $50k annually.  Normal
HR calculations say that overhead for a given employee is between 15%
and 30% of salary, so you can ballpark the total effective cost of
employing those folks at around $180k/yr.  Add to that a prorated cost
of equipment--maybe $5000 worth of hardware and software per analyst,
prorated over 5 years (probably too long, but I believe that's the
current rate that that the US IRS uses for depreciation), which works
out to around $3000 per year of extra overhead.  Then add in an
appropriate portion of general network overhead costs and any specific
servers used for archiving forensic data, etc.; assuming 6000
person/hours per year of available analyst time, and an average of a
half-hour to deal with a given incident, you are looking at around
$16 per incident.  There are all sorts of other factors that could be
folded in, but that's the basic methodology I would use.

	-- Sweth.


Back to the Index