Probability of Loss
National History

In 1998 the Department of Commerce (DOC) reported that U.S. business incurred $12.5 billion in intellectual property losses, with estimates of 97% of ebusiness crimes going undetected or unreported. In addition add another $4.5 billion in losses associated with voice PBX, up 40% in 2000 (Source: Telecom &Network Security Review and MCI) with and an average loss per incident of $100,000.

Low level of security maintained on voice telecommunications. Long Distance services in use without restraints Unrestricted access to 011 by time of day Unrestricted Foreign areas in the North American Numbering Plan 97% of station users are equipped for Call Forwarding External Voicemail box passwords are not changed every 90 days Restrict PBX-IP addresses from unauthorized internal and/or public telnet access

Return on Investment (ROI) Review.

Proactive implementation of a voice and IT security plan can be quantified from both an economic return on investment (ROI) and human resource level. Businesses improve the ability to manage telecommunications services during implementation of proactive security, with improvement of network utilization and availability. Following are recommended voice network management changes that will generate a return on investment (ROI)

Risk of Doing Nothing

Loss of corporate intellectual property Defamation of brand name and reputation Loss of network integrity Loss of employee productivity during system shut down Current intruder loss - $00,000 (Annual long distance (LD) billing $,000,000 amount)

Lost opportunity to justify a reduction in the current $,000,000 long distance (LD) expense

Average National IS Intruder Loss: $2,000,000 - $12.5 billion lost in 1998

Average Telephony Intruder Loss: $100,000 - $4.5 billion lost in 2000

Computer Security Institute's 2001 Computer Crime and Security Survey found Cybercrime tallied up $378 million in losses among 186 companies that were able to quantify their damages in 2001. The damage figures take into account losses in the previous year. That average of $2 million per company doubled the average shortfall of the 249 business that responded in 2000.

My proposal is re-create the INS model with a depper emphasis on vendor security partnerships and business reseller partnerships from small, medium and large corporations starting off at the reasonable level in pricing with a security snapshot of $1500.00 and moving upwards, most IT/network/security managers have signing authority for the small amount of dollars, and basically the group would move forward in establishing an on-going relationship with the customer, but with a $1500.00 - $2000.00 security snapshot, the sale cycle would be less than 30 days, unlike the most security organizations attempting to land large security deals that could take up to 9 months to a year to receive an updated email response due to budget planning, etc. The major focus would be on small to medium sized companies with a very limited scope on very large accounts. Other focuses would be on working with large organization service companies (i.e Telecom providers, product companies) that do not want to focus on growing their professional service organizations.

Does this make sense ??