| COLUMN |
Mad as Hell XI -- How much is Availability worth? [Or, the straw that broke my back] |
 |
By Winn Schwartau
25 Jul 2005 | SearchSecurity.com
|
Disgusted by security issues and poor performance, Winn Schwartau makes the switch from Windows to the Mac and details the bumps in the road along the way in his "Mad as Hell" series.
In 1995, I came up with time-based security [TBS] as a solid math derivative of an earlier PDR model by Robert Ayers. One of the key assets of TBS was the ability to quantify security with well known metrics and easy to test methodology.
By taking TBS and applying it to the classic infosec CIA triad of Confidentiality, Integrity and Availability, security vendors and security practitioners are using this model as the means to quantify risk using time as the metric.
When any computer fails [in this case I am looking at WinTel], it must be repaired if Availability is to be returned. There are two ways to examine this quantifiably.
1. The amount of time I have lost as a user. If I am the only person using the box, then it is only my time wasted.
a. As a home user this might be your hobby and repairing broken computers is your personal psycho-therapy. [Some of us might just call it psycho, but it's your life.] Or maybe you just want the damned thing to work as it's supposed to. Then you can measure the amount of downtime [D, in time] multiplied by frustration factor [Fr, in # of curse words per minute] to arrive at your personal IQ [I Quit]
b. If you run your own small business, a dead PC can mean a dead business. You might not have the budget for
redundancy. Or you are so busy you just want the damned thing to work as it's supposed to. [Sound familiar?] In this case downtime X $/Hr = Total Loss. [D x $ = TL] Easy to calculate. Make sure you include the amount of time it takes to wait on the phone with New Delhi and rebuild the sucker, too. More on that later.
c. Only you can determine this value threshold and then add it to the [D x Fr] + TL = IQ. Either way, from frustration or financial loss, you need to determine your own IQ point.
2. The amount of time it takes someone to repair the box.
a. You lose some amount of time and productivity, even if they just to swap out the box.
b. Your company has to either repair it [Time and materials = $] or send it back to whomever made it, get another and redeploy it. [More time and materials and expenses.]
c. You need to decide your Corporate IQ point. I can't do that for you.
All I can tell you is, during the week of April 18, my IQ point was reached. My wife's IQ point was reached. Our CTO's IQ point was reached. IQ-ism is contagious and self reinforcing.
We all have the same problems. I have tolerated them for entirely too long. I have spent too many hundreds of hours on the phone to Dell Helli. I have installed more OSes than I would ever wish on anyone. Even John Ashcroft.
That will, by definition, degrade the security just as fast as they can add features.
About the author
Winn Schwartau is one of the country's leading experts on information security, infrastructure protection and electronic privacy. Schwartau is president and founder of Interpact Inc., The Security Awareness Company, which develops information security awareness programs for private, public and government organizations.
|
|
|
|
