謎人誌 kryptoman's blog
All text content is copyrighted. Reposting in any form requires prior authorization. Links are exempt. Recommendations and comments are welcome.
Friday, July 02, 2010
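$204 USD
Independent research reports show that the cost of a data breach may be much higher than imagined. Take companies in the United States as an example. According to statistics from Ponemon, an organization specializing in data privacy and security, a single data breach incident costs an average of $6.75 million USD to resolve. Looked at per record, each breached record is worth $204 USD. You may ask: where do such expensive figures come from?
Look at the following itemized list of data breach costs and it is not hard to understand: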
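Investigation and forensics fees
Audit and consulting fees
Internal communication and coordination costs
External communication and coordination costs
Public relations costs
Legal defense fees
Legal counsel fees
Compensation for service failures
Compensation in the form of personal data protection services
Government fines (where required by law)
Losses from customer churn (due to lost trust in the company)
Increased cost of acquiring new customers (due to damage to the company's image)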
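With these figures in hand, it should be easier to convince business owners of the return on investment (ROI) of information security spending.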
http://www.ponemon.org/index.php