August 4, 2009 at 8:49 pm
Comments posted to this topic are about the item Placing a Value on Data
August 5, 2009 at 1:42 am
Also important, I think, when evaluating the worth of your data, to take several different viewpoints. The value someone else puts on getting hold of your data is rarely the same as the cost to your company of losing that data, and stolen data is also rarely "lost" data (in so much as you don't lose the ability to use the data just because it has been shared with someone else). Arguably, too, each company will develop a different view of the relative importance of each of those scenarios.
Semper in excretia, suus solum profundum variat
August 5, 2009 at 7:47 am
You also have to assess the cost of protecting it.
If your company loses an average of one laptop per year, and spends an extra $100k per year on encrypting hard drives and recovering from lost encryption keys/passwords, you're losing money overall.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
August 5, 2009 at 8:31 am
GSquared (8/5/2009)
You also have to assess the cost of protecting it.If your company loses an average of one laptop per year, and spends an extra $100k per year on encrypting hard drives and recovering from lost encryption keys/passwords, you're losing money overall.
You also have to keep in mind secondary effects on costs. For instance, if the data that was stolen was something valuable (SSN, Credit Card info, etc.) and your customers end up having to jump through hoops to get their lives back in order, you lose them. You'll probably also lose another 11 people per customer who have heard about how terribly your company treats important personal information.
those costs would be even more difficult to quantify, but could be a major factor.
August 5, 2009 at 8:38 am
Andy Lennon (8/5/2009)
GSquared (8/5/2009)
You also have to assess the cost of protecting it.If your company loses an average of one laptop per year, and spends an extra $100k per year on encrypting hard drives and recovering from lost encryption keys/passwords, you're losing money overall.
You also have to keep in mind secondary effects on costs. For instance, if the data that was stolen was something valuable (SSN, Credit Card info, etc.) and your customers end up having to jump through hoops to get their lives back in order, you lose them. You'll probably also lose another 11 people per customer who have heard about how terribly your company treats important personal information.
those costs would be even more difficult to quantify, but could be a major factor.
Yep. There are indirect costs to everything.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
August 5, 2009 at 9:22 am
And, unfortunately, I think some of these companies decide that they'll let some data get stolen, and deal with a few people rather than protecting it because of the costs.
Some of these security products are so expensive, I'm not surprised. The vendors aren't really doing a good business calculation on their side.
August 5, 2009 at 9:59 am
I dont think you can price data like you price, say, a tractor attachment. Data is more like pricing a valuable antique because the value changes as the data is, or is not pertinent, young, old, etc.
For example, I know people who swear by their PDA's and I often ask "How often do you back it up?" - the answer is inevitably "Never". So that data obviously is not worth much to them - until they drop their PDA which gets run over by a passing street cleaner and then suddenly, that data is "priceless".
Or how about the really slick criminals who hacked into a system and stole a vast list of credit card numbers... and it turned out that the list contained only cancelled credit cards.
And therein lies the problem. You cannot put a price on data because its largely subjective and time-bound. What you call "valuable data" is, to someone else, junk.
As well, consider ALL the data that gets thrown up on the web - not just business data! Here on the east coast we have been in the middle of this recent flap over Professor Gates and Sgt. Crowley of the Cambridge Police. But then a Boston police officer named Justin Barrett posted one of the most hateful and ignorant messages, full of racial epithets, on the web!
Now is THAT "valuable data"? Think about that - what if you were going to hire this guy (or one like him) and someone else came along and showed you a copy of his hate-laden posting? Would you call that "valuable data"? It is data - and to someone not interested in hiring racists, it would be valuable - but to Justin Barrett himself - is that valuable?
People need to think outside the box a little. We always seem to think valuable data is only business data - its not. Especially in this day and age of people throwing things up on the web that they cannot take back.
August 5, 2009 at 10:20 am
GSquared (8/5/2009)
You also have to assess the cost of protecting it.If your company loses an average of one laptop per year, and spends an extra $100k per year on encrypting hard drives and recovering from lost encryption keys/passwords, you're losing money overall.
I think the bigger portion of the cost there is the second item. Especially considering we're getting some of the capability such as 'BitLocker' for 'free' on newer OS versions, provided you order the right OS, the cost to encrypt is minmal. And recovery means that IT needs a 'recovery disk' for each PC that's got the encryption enabled.
brief rant: I'm still waiting to hear someone at MS give a reasonable explination as to why it's not a standard feature of Vista Business, since it's BUSINESSES that most need it.. uh "Hello McFly, anyone home in there?" I mean Wiskey Tango Foxtrot?? most businesses are gonna order 'vista business' on new pc's and resent having to upgrade to Ultimate to get this feature where needed. Is there a bigger no-brainer here?
The counterpoint to their gaffe with not putting it into Vista-Business is however that MS also includes this capability in Server2008, considering that it's not just laptops that get stolen.
August 5, 2009 at 10:32 am
Security is expensive, period. And to what degree you implement security to protect your data and systems determines the amount you spend and how well you are protected. The way I look at security is similar to that of an insurance policy. Yeah it sucks to take out of my paycheck X amount of dollars a pay period, but the first time I need to have an expensive medical procedure done, Iām glad I have it. The same with security. Your company may be spending a lot of money and may never have a breach attempted or a laptop stolen, but when that security incident does occur, you will be glad you spent the money.
For me as an IT professional, there are two really tough parts to this issue. First, the amount of technology we are supporting these days perpetuates the amount of work and money we have to spend to protect that technology. It seems like just as we have figured out how to protect one thing, 15 more things come along. The other thing is getting customers to realize there is no one silver bullet to make them safe. It takes an extraordinary number of silver bullets and each time we need a silver bullet, they have to bring out their checkbooks.
There are two things that have always been certain in this world; taxes and death. I think there is a third. Security!
August 5, 2009 at 11:58 am
SQAPro (8/5/2009)
GSquared (8/5/2009)
You also have to assess the cost of protecting it.If your company loses an average of one laptop per year, and spends an extra $100k per year on encrypting hard drives and recovering from lost encryption keys/passwords, you're losing money overall.
I think the bigger portion of the cost there is the second item. Especially considering we're getting some of the capability such as 'BitLocker' for 'free' on newer OS versions, provided you order the right OS, the cost to encrypt is minmal. And recovery means that IT needs a 'recovery disk' for each PC that's got the encryption enabled.
brief rant: I'm still waiting to hear someone at MS give a reasonable explination as to why it's not a standard feature of Vista Business, since it's BUSINESSES that most need it.. uh "Hello McFly, anyone home in there?" I mean Wiskey Tango Foxtrot?? most businesses are gonna order 'vista business' on new pc's and resent having to upgrade to Ultimate to get this feature where needed. Is there a bigger no-brainer here?
The counterpoint to their gaffe with not putting it into Vista-Business is however that MS also includes this capability in Server2008, considering that it's not just laptops that get stolen.
I was including the upgrade cost from Business to Ultimate in my "cost of encryption" statement. That's not just a direct monetary cost because of a price difference, it's also a cost in terms of work, support personnel training, and so on.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
August 5, 2009 at 12:29 pm
So just curious, does that auger get power from the power takeoff or does it have its own engine and just attaches to the tractor? Looks like a great way to dig post holes. š
August 6, 2009 at 2:22 pm
What's more, Intel surveyed companies and found that the cost of a lost laptop averages out to be nearly $50k. That's half, or more, the cost of a good IT person. Granted that number might vary widely depending on the company, the person's job function, etc. As more and more people buy laptops, it becomes more and more important that good security is maintained to prevent those losses from severely impacting your company's business.
I have a dream the value of data in stolen laptop will be zero because personal data should be encryption and SET algebra required, so when the next algebra challenged VA analyst takes data home the actual data is useless to all but cryptography experts.
That said uncle Sam settled the law suit with millions so we in the data community should set standards for security and auditing.
I think it's worth a little time to assess what your data is worth, and then implement some programs to keep it as safe as you can. Just remember that you can't stop all losses, but by knowing where you have lots of valuable information, you can decide what is worth protecting.
The above is the reason SPSS business was almost like printing money before IBM bought it which also confirms the Ralph Kimball saying Cognos, Hyperion and ProClarity are MDX scripting tools read over rated.
Kind regards,
Gift Peddie
August 6, 2009 at 4:03 pm
I have a dream the value of data in stolen laptop will be zero because personal data should be encryption and SET algebra required, so when the next algebra challenged VA analyst takes data home the actual data is useless to all but cryptography experts.
Ops I was wrong a contractor just lost another laptop with none encrypted personal data of US military personnel.
http://news.yahoo.com/s/ap/20090806/ap_on_re_us/us_national_guard_identity_theft
:Whistling:
:hehe:
Kind regards,
Gift Peddie
Viewing 13 posts - 1 through 12 (of 12 total)
You must be logged in to reply to this topic. Login to reply