Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
•
•	FBI unbolts Steve Jobs 1991 investigation file
•	Cisco boosted profit, sales in Q2 while cutting costs
•	Four crazy tech ideas from Google's Solve for X project
•	Oracle buying Taleo for US$1.9 billion in direct hit at SAP
•	Pre-rendered pages highlight latest Google Chrome release
•	Microsoft exec: Lync-Skype integration a 'compelling opportunity'
•	The future of hypervisors
•	Microsoft mobile CRM clients may mean more productivity
•	Demand growing for application performance management tools, experts say
•	Foxconn said to have been hacked by group critical of working conditions
•	Windows 8 strives for optimal battery life
•	Macs take on the enterprise
•	IPv6 Week: This Brazilian party is for techies only
•	More breaking news

/

Compendium /

Risk management and you

By Adam Gaffin
Network World Fusion 10/22/04

Mike Rowehl says a good computer-security professional eventually realizes that security just is not absolute - you have to assume that, sooner or later, the bad guys will get in and so you have to figure out how to manage your risks:

Before I had a job within a large company doing computer security, I used to think that security professionals spent most of their time updating access control lists, looking at packet logs, auditing application code, and doing all sorts of technical stuff. I thought that computer security within organizations was all about keeping people out of your data and off your systems. It's not. It's about spending as little as possible on issues related to the security of your computers. It's not all about keeping people off your systems. It's about figuring out how much it costs the company if people do make it onto your systems, and then figuring out how much it keeps to keep those people off your systems, and then picking whichever of those two costs less. Like insurance, it's all about risk management. ...

Back to Compendium

Comments

Post a comment

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.