[Sussex] IM Server

Mark Harrison Mark at ascentium.co.uk
Wed Apr 28 17:17:26 UTC 2004


----- Original Message ----- 
From: "Steve Dobson" <steve at dobson.org>
To: "LUG email list for the Sussex Counties" <sussex at mailman.lug.org.uk>
Sent: Wednesday, April 28, 2004 6:00 PM
Subject: Re: [Sussex] IM Server
>
>
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=industrial+espionage+court+case&btnG=Google+Search
>
> Some where around 50,600 hits.  Is that enough evidence for you?

I wasn't querying whether espionage happens - I was querying whether using
an external IM service ACTUALLY introduces any business risk.


I have spent many years asking IT Security people the same question. "How
much money would we lose if XXX happened?" In 90% of cases, the answer is
LESS than the cost of fitting the "more secure" system that the IT Security
person is asking for...

There are, in day to day life, a very very limited number of pieces of
information whose disclosure would actually harm the organisation. The
classic cases are best bids from competitors in a negotiation... and
increasingly eAuctions are putting pay to that claim, with companies
typically making better savings from their suppliers when those suppliers
HAVE the information (in the form of the counter bid) from their
competitors...

If a business tells you "if our competitors got hold of XXX, they would be
able to do YYY" then the question is "if YOU got hold of the corresponding
information about your competitor, would you be able to do the same to him?"
Again, 90% of the answers to that are "well, now you mention it, no".

M.





More information about the Sussex mailing list