- To help determine where you can implement a firewall, define what the cost of the data you are trying to protect is. - One variable to consider is the cost of restoring or repairing the data. - An additional variable is the cost of lost work and downtime as a result of the data being inaccessible to employees. - Yet another variable is the cost in lost revenue or income that might come as a result of the loss of data.. - SLE is the expected monetary loss every time an incident occurs. - The ALE is the expected monetary loss over the course of a year. - The ARO is the probability that something will occur during a given year. - First, you need to define the cost of restoring or repairing the data. - For this scenario, assume that the cost to recover from this compromise is $500. - Next, the loss of the web server and subsequent inability of the workers to do anything productive needs to be factored into the equation.. - Assuming the employees are paid $12 an hour (average salary of a data-entry clerk in the Houston, Texas, area) and the server is down for a half a day being rebuilt, the cost to the company in just lost time for the users of the web server is $4800. - Finally, the cost of loss of revenue or income needs to be factored into the equation. - $6300, which is the SLE of the given scenario.. - With the benefit of hindsight, you can easily see that the firewall was worth the cost. - What if the ARO is less than 1 (which it frequently is)? At that point, it can be tougher to make the case that a firewall should be implemented, because the cost of the firewall may not be less than the ALE. - In this case, however, keep in mind that the ALE is the expected loss, not the actual loss, and although the cost of the solution may be less than the ALE, it may still be financially viable and a worthwhile endeavor. - Conversely, if the probability that an event will occur is so low, the cost of the solution may never be justified. - Another variable is the cost of starting over. - The cost of legal repercussions as a result of the data loss or compromise is another real
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt