Hi, the "expected value" of the damage is the amount of the damage multiplied by its probability. Of course this calculated value is to be summed on all independent events. Thus it is worth to make countermeasures until it costs less than that expected total. On the other hand, one should take into account what is the cost of the software make possible such damages comparing with (maybe free) alternatives. It is the point of decision and IMHO the decision maker should not only justify his/her decision but also responsible for it. Regards, Imre On Tue, 16 May 2000, Clyde Smith-Stubbs wrote: > On Tue, May 16, 2000 at 08:24:43AM -0400, M. Adam Davis wrote: > > > virus, and determine a plan of action. Here's the expensive part: While a > > script can get rid of most traces of the virus, and a few filters can keep it > > from spreading much more, thousands of emails have been lost/dropped, schedules > > have been moved back, parts aren't on order (and they are supposed to be), etc, > > Quite frankly, if a company of that kind of size allows its employees to read > email with Outlook Express (or any Microsoft product, for that matter) then > they deserve what they get. If email is that important to the company, then > it should be bulletproof. > > A company of that size should have at least a couple of staff devoted to > risk management. It became very obvious some time ago that Outlook express > is as full of holes as a Swiss cheese, and any risk manager who hadn't taken > steps to prevent this kind of attack should be fired (given that there were > ample precedents for it). > > But then maybe they don't back their data up either. > > -- > Clyde Smith-Stubbs | HI-TECH Software > Email: clyde@htsoft.com | Phone Fax > WWW: http://www.htsoft.com/ | USA: (408) 490 2885 (408) 490 2885 > PGP: finger clyde@htsoft.com | AUS: +61 7 3355 8333 +61 7 3355 8334 > --------------------------------------------------------------------------- > HI-TECH C: compiling the real world. > >