Contact:http://www.packetnexus.com
When faced with a small business client who doesn’t understand why the Server Status Tool is a "must have", I usually discuss a simple formula. What is the client’s annual net income? ___________ How many business days is the client open each year? (usually about 250) _____ How many hours are in a typical business day? (usually about 8) ______ So the daily cost of downtime = A/B and The hourly cost of downtime = A/(BxC) For a small business client with just US$1M in annual net income, downtime costs about US$4,000 a business day or US$500 per business hour. Electronic mail (email) systems are critical to supporting collaboration throughout an enterprise. As one of the most popular platforms today, Microsoft Exchange Server continues to be deployed to support growing email communities, with users easily numbering in the 1000's. So, what happens when Exchange email systems go down? You lose collaboration. You lose productivity. And, in most cases, you lose money (a noted industry analyst has pegged losses associated with messaging systems outages at up to $1,000 per minute). Back to the Index
Contact:http://www.packetnexus.com
Internet time? What is it? I have really no idea but I'll take a stab at it. It boils down to things happen faster on Internet time. First let's look at typical work hours. 8 hours a day, 40 hours a week, 160 hours a month. Let's assume Internet time is 24 hours a day, so 3 Internet days occur every regular day. So for every regular week 15 internet days occur. But, Internet time occurs on the weekend so factor in 6 more days. So in one week 21 internet days pass. In one month 84 internet days pass. See where this is going? An Internet year only takes 121 days to occur. So 3 Internet years pass during the course of one regular year. Does that bother anyone? Who is getting paid for all that time? Not me! With this time scale it isn't a big stretch for IT pros to get a raise every 4 months! Now, this theory may be flawed. But running 24x7 and serving customers seems to be important these days. People don't seem interested in paying for that kind of service, UNTIL something happens that makes it clear that they have to. Here is formula I found for calculating the cost of downtime. What is the client’s annual net income? _____ = A How many business days is the client open each year? (usually about 250) _____ = B How many hours are in a typical business day? (usually about 8) _____ = C So the daily cost of downtime = A/B and The hourly cost of downtime = A/(BxC) For a small business client with just US$1M in annual net income, downtime costs about US$4,000 a business day or US$500 per business hour. 500 bucks an hour!!!! I get paid what? I have seen studies that estimate the cost of email being down at $1000 an hour. Now how much is my job worth? If I keep that server up 24 hours a day for 1 Internet year? $121,000 for a third of a regular year!!!! And I get paid what? Ok, so that is 24x7 for 4 months. Do the math for the year. All of the sudden these IT guys hold the companies balls in their hands. Stop and think for a minute. What is the first thing a new employee gets their first day on the job. HR paperwork....NO! A friggin' computer. Why? Because everything that employee does revolves around that piece of equipment. Can't get email, can't work. Can't surf the web, can't work. Can't get into Microsoft Word, can't work. Can't check the stock market.....whatever. Does anyone see the pattern? The IT guy is key to the whole business process. Do this. Take the internet connection down for 15 minutes at work. How many people start roaming the halls asking if there is a problem. Is the internet connection the key to doing work? Every time the network is down, a crowd gathers. Why? BECAUSE THEIR FREAKING JOB REVOLVES AROUND IT!!!!! But, is IT treated like the company revolves around it? In 90% of the companies....NO! I still don't get why, but I guarantee that the companies that don't realize that IT is what will make or break the company are going to fail. And they will fail miserably. Why, because they didn't pay the IT guy enough to keep him. They chose to settle for the cheaper solution and that guy doesn't even know what a T-1 is. This turned into a huge vent, but whatever. Maybe someone will read this and make their company a big success because they made the IT staff happy and realized the important role they played. Do you realize you wasted 15 Internet minutes reading this!!!!!?!?!?!?! -j Back to the Index
Contact:http://www.packetnexus.com
Some Methodologies For Risk Assessment Failure Mode and Effects Analysis: Examines each potential failure condition in a system to determine the severity of the impact to the system. HAZOP (Hazard and Operability): Examines process and engineering intentions to assess the potential hazards that can arise from deviations from design specifications. Historical Analysis: Examines frequency of past incidents to determine the probability of a condition recurring. Human-Error Analysis: Examines the possible impact of human intervention and error on a system. Probabilistic Risk Assessment: Examines the probability that a combination of events will lead to a particular condition. Tree Analysis: A family of analysis methods, such as event tree, attack tree, management-oversight tree and fault tree, that focuses on processes or a sequence of events that may lead to a particular condition. Back to the Index
Contact:http://www.packetnexus.com
Its 1% inspiration, 99% persperation. Actually, that is optimistic, its more like .0001% inspiration. In fact, as a practical matter, many discoveries are small leaps, innovations based on well known stuff, sometimes combining it in previously unknown ways. Its worth talking about a company here like California Cooler -- that company was founded by two guys who liked to mix wine and juice for their volleyball games on the beach. They invested $10,000, and within three years they grossed $200 million. See, everyone thinks it is the high tech companies that make money, but in reality, nearly any business can. My favorite thing is to read from Kaplan "An Empire Wilderness" about the changing demographics. Think about how the US is changing -- we are becoming a hispanic/asian country, blacks are getting squeezed out and whites are losing their majority status. Most of that will happen within the student's lifetime. And you think the 20th century was a ride! So, practical advice: 1. You get wealthy by accumulating wealth throughout your lifetime. There is no substitute for getting a degree, marrying someone with a degree, and living on 75% of your income. 2. You can't ever stop learning. You might think book reports are drudgery, but you would be surprised how often in the real world you have to write book reports. 3. Life isn't fair. People make vastly different salaries, often outside of their control. So control what you can, take pride in what you do, and plan plan plan for your own future. Ooh, Felon, you're a tough one. We haven't met before, but rest assured I'm qualified for the task. But rather than share my narrow perspective, I'd like to incorporate the thoughts of many. The difference between being an entrepreneur and being a successful entreprenuer? The ability to seek the input of others. (learned that the hard way, BTW). My suggestions: - Besides being the only way to get truly wealthy, being an entrepreneur is also a great way to go dead broke. - The fundamental skills they are getting now are crucial to being a success later. PAY ATTENTION in class, never hesitate to ask a genuine question, and constantly request that the teachers show how what they are teaching relates to real-world situations - even if it is just to help abstract thinking. - Learn to recognize opportunity, and differentiate it from "get rich quick." When something isn't working well, do you have a better way? Do you look at problems as a way of making money by providing the solution? - Learn to boil problems down to their essential elements, not get bogged down in flash, noise and distractions. Learn to see through the BS. - 3 part secret of life 1. Everyone can do something really well. Being in school is the best opportunity to find out what that is that they'll EVER have. Don't waste it. 2. The lucky ones not only find that thing, but find that they really LIKE doing that thing. In other words, it isn't much use being good at something you are bored by or just hate doing. Find what you love to do, and think is really cool. Explore that as much as possible in and out of school. 3. The REALLY lucky ones get to do something they love and they're really good at, AND get a lot of money for doing it. Musicians, for example, are kind of entrepreneurs, in that they may write, perform and sell their music. Or, get by, muddle through, punch in and out each day for the rest of your life and wonder where you went wrong... SWF, being an entrepenuer my self, just tell them the two kinds of magicians (people). Those who turn shit into money, and those who turn money into shit. You can realistically expect to make 100k a year if you are only workinFW: [logs] hack attempts && price
Home: www.packetnexus.com
Subject: RE: [logs] hack attempts && price well as a consultant I do this aproach: identify risk (fx. e-commerce site that brings $10M yearly=>1 day downtime=$300K=>1 hour downtime=$10K) cover risk by realtime log auditing.. (costs fx $7K daily) profit=> risk value*risk probability - countermeasure=$40K monthly -----Original Message----- Subject: Re: [logs] hack attempts && price On Fri, Feb 15, 2002 at 10:52:13AM -0300, Gonzalo Garcia wrote: > I don´t known if this is off topic, if it is let me know. > > Due to the result of log analisis ( DCs, IDS, syslog, etc, etc, etc ) I'm > able to identify many "hack attemps" using exploits, virus, trojans, ports > scannings, and many other stuffs that are in the wild. > > Because this tasks requires capital goods, manpower, bla bla ... this costs > are charged to my department, so I trying to find a theory ( economic or not > ), way to assign a price to every "hack attempt" identified with the help of > the log analisis. As a rough sketch, try calculating the total cost of employing the staff necessary to respond to the incidents, and the corresponding hardware/software costs, and then prorate based on the amount of time the average indicent takes to deal with. Say that you have a 3-person IRT, with each analyst being paid $50k annually. Normal HR calculations say that overhead for a given employee is between 15% and 30% of salary, so you can ballpark the total effective cost of employing those folks at around $180k/yr. Add to that a prorated cost of equipment--maybe $5000 worth of hardware and software per analyst, prorated over 5 years (probably too long, but I believe that's the current rate that that the US IRS uses for depreciation), which works out to around $3000 per year of extra overhead. Then add in an appropriate portion of general network overhead costs and any specific servers used for archiving forensic data, etc.; assuming 6000 person/hours per year of available analyst time, and an average of a half-hour to deal with a given incident, you are looking at around $16 per incident. There are all sorts of other factors that could be folded in, but that's the basic methodology I would use. -- Sweth. Back to the Index