ABSTRACT
The vastness and openness that characterizes the Internet
presents an extremely challenging problem-security.
Although many claims about the number and cost of
Internet-related intrusions are available, valid, credible
statistics about the magnitude of this problem will not be
available until scientific research is conducted.
Exacerbating this dilemma is that most corporations that
experience intrusions from the Internet and other sources
do not want to make these incidents known for fear of public
relations damage and, worse yet, many organizations fail to
even detect most intrusions. Sources, such as Carnegie
Mellon University’s Computer Emergency Response
Team, however, suggest that the number of Internet-related
intrusions each year is very high and that the number of
intrusions reported to CERT (which is one of dozens of
incident response teams) is only the tip of the iceberg. No
credible statistics concerning the total amount of financial
loss resulting from security-related intrusions are available;
but judging from the amount of money corporations and
government agencies are spending to implement Internet
and other security controls, the cost must be extremely high.