Blog Posts Tagged with "ROI"
Information Security: Why Bother?
December 09, 2012 Added by: Simon Moffatt
The question, often raised as a bargaining tool, is often focused on the, ‘well I understand what you propose and I know it will increase the security of scenario X, but why should I do it?’. In honesty, it is a good question...
Comments (3)
Preventative -v- Detective Security
December 02, 2012 Added by: Simon Moffatt
Security has several issues from a proactive implementation perspective. Like anything, a detailed return on investment, including both tangible and non-tangible benefits, is required...
Comments (0)
The Security ROI "Death Spiral"
November 18, 2012 Added by: Rafal Los
The worst thing that can happen to a CISO is to get trapped in the ROI Death Spiral. I know, I know, we’ve all been told that we need to justify cost, manage expense, use the tools our companies provide us, etc. CISOs that don’t play by the rules won’t get anywhere...
Comments (0)
Your Next Critical Security Project May Not Be What You Think
October 23, 2012 Added by: Rafal Los
If we're honest with ourselves, we can look around the organization and find several projects that even though they are implementation-complete, are hardly "complete" as they sit. Too often after a catastrophic failure, or security incident we're pre-disposed to making hasty purchases to effectively stop the bleeding...
Comments (0)
Enterprise Security: Being Your Own Worst Enemy
August 30, 2012 Added by: Rafal Los
Enterprise security organizations can be their own worst enemies. Security is largely disconnected from the business, largely dependent on technology, and unable to be anything more than a cost center... and it seems like the more we rant and wave our arms the deeper the hole gets...
Comments (0)
About Antivirus, Security Awareness, Security Usability...
July 21, 2012 Added by: Ali-Reza Anghaie
No matter how many times it's warned against, most Security professionals use themselves and their contemporaries as the basis for what's "right". And as security becomes higher profile with more incidents it really starts looking like instead of having cynical contempt for the users, it's more like plain excuses...
Comments (0)
Security: It’s All About (Human) Networking...
July 15, 2012 Added by: Tripwire Inc
Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...
Comments (0)
The Patchwork Cloud: To Rent or Buy Your Cloud?
June 27, 2012 Added by: Rafal Los
One cloud does not fit all. Your cloud should be customized to fit your business. I believe that if you're going to have a cloud strategy you need to have a pragmatic approach which has you doing your due diligence, proper risk analysis, and understanding your cloud vendor...
Comments (0)
Booth Babe Challenge: Show Me the Money
June 18, 2012 Added by: Michelle Klinger
The general consensus regarding whether booth babes are appropriate is a resounding NO, yet vendors still find it necessary to use this strategy. Even amidst complaints by conference attendees & public mocking on social media sites, vendors stick to their marketing guns and bust out the busty femaninas...
Comments (0)
Disclosures: The Vulnerability of Publicly Traded Companies
June 12, 2012 Added by: Fergal Glynn
What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...
Comments (1)
Why Does Software Security Keep Falling off your Budget?
May 22, 2012 Added by: Rafal Los
Approximately 3 out of 4 attacks against your enterprise or organization come at your applications. Whether it's at your website, at the mobile app you've deployed, or your enterprise API - you're being attacked where the lowest defenses are - the application...
Comments (0)
CISO 2.0: Enterprise Umpire or Wide Receiver?
May 21, 2012 Added by: Robb Reck
In security, our challenge is to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...
Comments (2)
Making Security Metrics That Matter
April 22, 2012 Added by: Robb Reck
The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...
Comments (2)
On the Value of Security Conferences
April 19, 2012 Added by: Rafal Los
What's interesting is the question of business value. Management sends employees to 'security conferences' to learn something and bring it back to the organization. But what value do the ever-increasing number of security conferences provide as stand-alone events?
Comments (1)
The Infosec Investment Equation - Can You Solve It?
April 09, 2012 Added by: Neira Jones
Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...
Comments (0)
Location, Location, Location: It Works in Risk Management
March 21, 2012 Added by: Edwin Covert
With the increase in cybercrime costs, organizations need to be able to ensure they are maximizing their return on risk management investment. An effective way of doing this is making sure the information security or risk management team is properly aligned within their organization...
Comments (0)