Managing Risk and Keeping Your Network Secure
Thursday, October 21, 2010
White Paper by Ira Winkle, Author of Spies Among Us
One of the most difficult issues security managers have is justifying how they spend their limited budgets.
For the most part, information security budgets are determined by percentages of the overall IT budget.
This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization.
The fact is that security can provide value to the organization, if there is a discussion of risk with regard to IT, as much as there is a discussion of risk with regard to all other business processes.
Calculating a return on investment for a security countermeasure is extremely difficult as you rarely have the ability to calculate the savings from the losses you prevented.
It is akin to being able to pinpoint automobile accidents you avoided by driving safely versus recklessly.
There is no way to accurately determine that information.
However, if you start to consider that Security is actually Risk Management, you can start determining the best countermeasures to proactively and cost effectively mitigate your losses.
By determining the vulnerabilities that are most likely to create loss, you can then compare the potential losses against the cost of the countermeasure.
This allows you to make an appropriate business decision as to justifying and allocating a security budget.
More importantly, if you can make such a business decision, you can justify increasing security budgets for additional countermeasures. The key is to be able to specifically identify an area of potential loss.
The goal of a security program is to choose and implement cost effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss.
This paper discusses the management of Risk and Vulnerability Management is one of the few counter‐measures easily justified by its ability to optimize risk...
Download the Rest of this Free White Paper Here
Also available:
Comments
Post a Comment