Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/21/2008
12:16 PM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Counting The Costs Of Cybercrime

Have we been underestimating the financial costs of cybercrime? Maybe so says a new guidebook from the American National Standards Institute (ANSI) and The Internet Security Alliance (ISA.) And it may well be maybe so and then some.

Have we been underestimating the financial costs of cybercrime? Maybe so says a new guidebook from the American National Standards Institute (ANSI) and The Internet Security Alliance (ISA.) And it may well be maybe so and then some.The joint ANSI and ISA guide, aimed at CFOs, takes hard look at the breadth of cycbercrime's financial impact throughout a business.

That spread is wider than just the initial response to a data breach.

The guide recommends including the full array of departments (and, depending on the nature of your business, outside vendors, specialized professional services, etc.) and measuring those against the risks of being tagged by the cycbercrooks.

Have you, for instance, given thought to what a data breach would do to your business insurance premiums? How much would legal fees be if your business is victimized? How much extra will you be paying to manage the public face of the crime -- public and press relations, communications with affected customers and so on?

The point of the guide is to provide you with the tools needed to calculate your risk, the costs accompanying those risks and the proper business response to mitigating them.

It's sobering reading and, coming with the imprimatur of ANSI, invites careful reading and reflection.

"The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask" can be downloaded for free here (registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.