Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DHS Cyber Security Investment Study

  • From: Valdis.Kletnieks
  • Date: Mon Sep 12 15:12:46 2005

On Mon, 12 Sep 2005 13:39:56 EDT, "Rowe, Brent" said:

> clear that I are not interested in learning the makeup of your IT
> infrastructure, the IT policies and procedures your organization
> employs, the number of breaches you have each year, or any other
> sensitive information related to your organization's IT security.
> Instead, I am interested in discussing the information you use to decide
> how much to spend on various IT security-related activities and what
> information you are collecting (and using) from your IT system
> operations.

Any attempt at trying to analyze information about budget allocations
without at least some understanding of the IT policies is probably doomed
to failure.  At least in our shop, there are things we track in a very
anal-retentive fashion, and information we don't bother collecting, *because*
our policies say the first is important and the second one is ignorable.

For instance, if I told you how many hundreds of dollars we spent on perimeter
firewalls last year, you'd be totally dazed and confused unless you understood
our thinking regarding perimeter firewalls. (And yes, "hundreds" is the right
units, and yes, we know what we're doing, and no, I don't want to hear how
we're nuts. It works *in our environment, YMMV...:)

Attachment: pgp00018.pgp
Description: PGP signature

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.