Michael Kassner wrote an excellent article, definitely worth reading, at TechRepublic last year on why such a belief no longer applies today. Kassner references the CSI/FBI Computer Crime and Security Survey, which asks organizations to estimate the percentage of internal attacks they encountered. The results of the survey are displayed in the following graph:
Hence, the allocation of your organization's IT security budget can be calculated by a simple risk management formula. Let,
E = the average financial impact, including losses, that may result from an external attack on your organization. The impact may include financial or information theft, reputational damage, loss of productivity, recovery costs, etc.
I = the average financial impact, including losses, that may result from an internal attack on your organization.

Further reading:
http://www.pcworld.com/businesscenter/article/147098/insider_threat_exaggerated_study_says_.html