NANOG members, I am writing to ask for your participation in a study which I am working on for the Department of Homeland Security on IT security investment decisions. My intension is not to upset anyone with an unwanted solicitation, so if you are uninterested in this topic, please disregard the remainder of this email. ------------------------------------------------------------------------ ------------------ My company, RTI, has been contracted by the the Department of Homeland Security to analyze how organizations make investment decisions related to IT security. As part of this project, we are gathering information from organizations in seven different sectors, one of which is Internet Service Providers. I am interested in talking with any individuals representing ISPs about their organizations' IT security decision making practices. Let me be clear that I are not interested in learning the makeup of your IT infrastructure, the IT policies and procedures your organization employs, the number of breaches you have each year, or any other sensitive information related to your organization's IT security. Instead, I am interested in discussing the information you use to decide how much to spend on various IT security-related activities and what information you are collecting (and using) from your IT system operations. If you are interested in participating in this study and/or have questions related to how we plan to use the data we collect, the purpose of the study, or the intended use of the study results, please contact me at browe@rti.org or 919-485-2626. Thank you any assistance you can provide. Regards, Brent Brent Rowe Research Economist Technology Economics & Policy RTI International 3040 Cornwallis Road Research Triangle Park, NC 27709 phone: (919) 485-2626 fax: (919) 541-6683 www.rti.org
"Department of Homeland Security" Thats a Bush get out of jail card. If New Orleans was anything to go by, "Department of Homeland Security" has little credibility or infulence on the world stage, accept within the U.S propaganda bubble of 24 hour news channels. On 9/12/05, Rowe, Brent <browe@rti.org> wrote:
NANOG members,
I am writing to ask for your participation in a study which I am working on for the Department of Homeland Security on IT security investment
On Mon, 12 Sep 2005 13:39:56 EDT, "Rowe, Brent" said:
clear that I are not interested in learning the makeup of your IT infrastructure, the IT policies and procedures your organization employs, the number of breaches you have each year, or any other sensitive information related to your organization's IT security. Instead, I am interested in discussing the information you use to decide how much to spend on various IT security-related activities and what information you are collecting (and using) from your IT system operations.
Any attempt at trying to analyze information about budget allocations without at least some understanding of the IT policies is probably doomed to failure. At least in our shop, there are things we track in a very anal-retentive fashion, and information we don't bother collecting, *because* our policies say the first is important and the second one is ignorable. For instance, if I told you how many hundreds of dollars we spent on perimeter firewalls last year, you'd be totally dazed and confused unless you understood our thinking regarding perimeter firewalls. (And yes, "hundreds" is the right units, and yes, we know what we're doing, and no, I don't want to hear how we're nuts. It works *in our environment, YMMV...:)
participants (3)
-
n3td3v
-
Rowe, Brent
-
Valdis.Kletnieks@vt.edu