What does risk management have to do with intrusion detection? Every organization either consciously or subconsciously makes decisions about risk. Obviously, we decide how much risk we are willing to accept ourselves. The distributed denial-of-service attacks that became widely known in February 2000 and Code Red attacks in 2001 demonstrate clearly that we also decide how much risk we are willing to accept on others’ behalf. The security of my site depends, at least in part, on the security of your site. This chapter lays the groundwork that will enable you to present a cogent argument to your management that intrusion ...