More base than data.
To think that these "data"bases are relied upon to destroy people's lives on a daily basis.
Not only in America but here with the CRB checks only being as reliable as a disgruntled or vindictive employee.
A former data analyst for the Transportation Security Administration was sentenced to two years in prison for planting code in a terrorist screening database server after he was told his position was going to be eliminated. Douglas James Duchak, 46, received the sentence on Tuesday after admitting he planted the sabotage code …
So, wait a minute, exactly how does one spend nearly a hundred thousand dollars removing malicious code that hadn't even been executed from a machine that was otherwise unaffected?
Yes, er, please, can someone explain that? It costs a lot less to remove the sugar-tainted gas from the tank than it does to replace the engine, so why did this cost more to "fix" than it does for major corporations to repair after a virus or malicious code has wrecked their system? I'm serious, look at the last few articles on this subject, all of the "repair costs" are way below $85k.
I guess that's how much it cost to get things signed in triplicate and to oversee the oversight and whatnot.
I have an idea why it cost so much:
Generally, after a security incident, you want to have a full audit done on all the systems and databases the perpetrator had access to, and by a trusted or certified third party. This way, any other logic bombs that may have been planted can be rooted out, and the third party can certify or guarantee that the issue has been corrected within certain limitations that have been mutually agreed upon by the companies involved (usually through scope of work or similar).
*That's* why it cost so much.
...but if this guy was an employee of InfoZen why wasn't InfoZen responsible for the cleanup? If InfoZen was just a contracting agency then maybe I could see it, but typically a service provider (which is what InfoZen looks like) would hold the liability in a normal commercial contract.
Because until InfoZen itself gets a clean bill of health, they are as suspect as their employee, so an outside agency needs to do the audit. The government can probably sue InfoZen to recover the cost of the audit if it fails to collect from the actual perpetrator. But recovering the cost doesn't change the magnitude of the cost reported to the courts.
1 - Be smart and take your redundancy package.
2 - Be an idiot and get a couple of years behind bars for attempting pointless revenge that wouldn't have given you your job back anyway.
There are exceptions though: I'm not smart, and I still chose option 1 (heck, I took voluntary redundancy and lit all the lanes, i.e. I got x2 bonus), so you have to be even more stupid than me to go for option 2. I guess it makes me feel better, floating off the bottom of the genetic pool slightly.