
How much do you spend on your IT security?


By Stuart Okin, managing director of Comsec Consulting UK
Published: May 1 2009 09:37 | Last updated: May 1 2009 09:37

What a business is spending on its IT security could amount to 2 per cent of revenue – a figure that should make everyone sit up and think.

Consider a global hi-tech company, operating in about 20 countries, with a user population of 10,000 and revenues of £850m. Such a company would need to make sure the following areas have all been attended to:

  • Process activity – such as risk assessments, audit and penetration tests.
  • People activity – such as awareness campaigns, security and compliance training.
  • Development activity – such as re-coding applications with security vulnerabilities.
  • Technical controls – such as AV, firewalls, intrusion detection systems, patch management.
  • Operations and incident management – monitoring network and security.
  • Fraud prevention – including investigation services.

The heads of security within companies I have spoken to over the past couple of months do not know how much they spend on IT security. But the cost of IT security could be between 0.01 and 2 per cent of revenue. In the case of the imaginary company above, this would equate to a potential £17m.

I have been working with a large enterprise to pull together a model to understand the true cost of IT security. Both my sponsor and I believe we can produce huge financial savings through standardisation, consolidation, better utilisation of what is already in place, improved supplier management, and implementing fraud mitigation solutions. Any change programme requires investment. The first step, therefore, is to work out what is spent today on IT security, in order to make a business case for that investment. One head of security I spoke to at a large financial organisation called their IT security “a cottage industry within the company”. This is because the last few years have seen the security agenda break up into a fragmented model – it has been pushed away from the centre.

This does have some benefits, as it moves security closer to the coal face, resulting in improved awareness and responsiveness, but it can also lead to silo thinking, with the implementation of costly point solutions, localised standards and isolation of good practices.

The concern I have is that if a business does not know what it has across the entire organisation, how does it know whether it has the appropriate tools and operations in place to minimise risk to the business?

Businesses should use the recession to open up opportunities: for IT security leaders, this means being proactive in order to help the business save money and improve the overall security environment.

However – be warned – this will mean the IT security leader will need to take on responsibility and accountability.

