Until now, estimating costs for infrastructure security breaches has been more magic than science, according to Bill Spernow, research director of information security strategies at Gartner Group in Stamford, Conn. After collaborating with some of the top information security minds in the industry, Spernow has developed a four-part model for estimating these losses. The model looks at how a security incident affects the IT enterprise, IT staffing, profit and new clients who are denied access.
For example, you can put a price tag on the impact on the technological enterprise by taking the annual IT budget plus the average uptime and dividing by the percentage of affected systems and the number of hours network resources were unavailable.
Spernow's commentary, "Estimating Losses from an Infrastructure Compromise: A Generic Model for IT Security Staff," is still in development but should be available within two weeks at www.gartner.com. The report is free of charge to Gartner clients; nonclients may purchase it.