Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable.
Stories by Bruce Schneier
There are two basic ways to sell something. Either a product gives the buyer something he or she wants — satisfaction, comfort or money — or it stops that person being subject to something he or she doesn't want: assault, fraud, burglary or a terrorist attack.
One of the basic philosophies of security is defense in depth: overlapping systems designed to provide security even if one of them fails. An example is a firewall coupled with an intrusion-detection system (IDS). Defense in depth provides security because there's no single point of failure and no assumed single vector for attacks.
If press coverage is any guide, then the Witty worm wasn't all that successful. Blaster, SQL Slammer, Nimda, even Sasser made bigger headlines. Witty infected only about 12,000 machines, almost none of them home users. It didn't seem like a big deal. But Witty was a big deal. It represented some scary malware firsts and is likely a harbinger of worms to come. IT professionals need to understand Witty and what it did.
Security engineering is different from any other type of engineering