Recently in Old commissions Category

Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Deadline for leads is 7th November 2008. Email me or leave a comment below.

Extending the ROI on information security expenditure

How Information Security Professionals (ISP) can ensure that their investment in technology, people and consultants actually pays off. What are the best ways to ensure they get value for money, please the CEO and CFO and improve security - all at the same time?

The conundrum of being an effective information security professional is that if you do a good job then there aren't any tangible results -- you can only point to reduced or zero breaches. If the board sees that the company seems to be insulated from attack it may be hard to get agreement for increased spend or bigger teams.

The problem is that the board doesn't see what you see. They don't know that you and your team are working 14 hours a day just to keep up with the waves of attacks and patching old systems.

So how does the CISO:

- Devise a budget

- Model the likely level of attack for the next four quarters (risk assessment)

- Audit current system architectures

- Work out how much to spend

- Get the best value and deals from vendors and consultants and resellers

- Prove to the board that without the investment and spend required the company would suffer monetary loss

- Prove what the ROI would be on security spend

What skills does a CISO need to do all this? Are there any software tools available that can help? Can consultants help?

Should information security actually be exempt from proving ROI, as it is necessary in the same way as physical security like alarms, fire exits, CCTV etc, which most of the time are redundant to the functioning of the company's core business?

Box 1 recessionary times
This feature has become all the more topical given the current financial crisis and the impending recession but there are two schools of thought at the moment. One is that security spend will hold up as it's the one area that business cannot afford to skimp on because attacks may increase. Others however think that it is unlikely and that spending will be squeezed on security and at the very least legacy systems will be patched and made to last and 2009 budgets will remain static at best - cut at worst. What is the truth about all this? Who is right?

Box 2 CASE STUDY
An interview with a CISO or CSO from a well known business about how they configured their budget, got buy-in from the board and possibly devised a system to prove ROI on their architecture, policies and staff.

This feature is designed to help information security professionals educate company employees about the importance of security awareness and employee responsibility.

This article will be a practical guide to penetration testing for companies that need to check their company's security is as good as they hope it is.

This article will concentrate on the technologies, systems and processes that businesses are deploying to ensure they meet compliance standards. What kind of strategies are they putting in place? Can compliance be achieved without any extra investment in kit?

All television commissions need to be '360º', these days, with web sites, mobile content, et al, considered from the outset. But is there a genuine market for this content? And is there the necessary budget to create it?

Like videos before them, DVDs have come out weeks, months or years after the film or TV show has aired. With more and more people waiting until DVDs are released before watching an entire series, is it time for the whole idea of 'windowing' to be done away with?

What are the best ways for IT managers to combat image spam themselves, how outsourcers are fighting it and whether it's now managing to evade the previous (and possibly current and next) generations of anti-spam devices and software (eg Bayesian, rules-based, etc). Does it require new technology or can the old technology adapt?

In the US, iTunes is the king of Internet television content, with simple one-click purchasing of content that viewers can own and play forever. Various free Flash-based services from the major networks, such as InnerTube from CBS, allow viewers to play catch-up for free with shows they've missed or that have been cancelled (such as ABC's Daybreak). Networks are already talking about showing the fall's new programming online first to create good word of mouth. With ABC having sold out all its ad space on ABC.com, is making money on the Internet with television finally possible?

This article will look at 802.11n - aka WiFi N - how to get it, what it is, pitfalls in the UK and Europe, why you need it (e.g. video streaming), when it will be ratified, whether you should wait for ratification or jump in now, and what the options are for getting it.

This article will explore the type of projects universities take on, why work is farmed out to them rather than commercial organisations, and what skills have been built up (with a view to potential commercial spin-offs).
