Managing Risk and Keeping Your Network Secure

Wednesday, October 20, 2010

Sasha Nunke


White Paper by Ira Winkler, Author of Spies Among Us

One of the most difficult issues security managers have is justifying how they spend their limited budgets.

For the most part, information security budgets are determined by percentages of the overall IT budget.

This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization.

The fact is that security can provide value to the organization, if there is a discussion of risk with regard to IT, as much as there is a discussion of risk with regard to all other business processes.

Calculating a return on investment for a security countermeasure is extremely difficult as you rarely have the ability to calculate the savings from the losses you prevented.

It is akin to being able to pinpoint automobile accidents you avoided by driving safely versus recklessly.

There is no way to accurately determine that information.

However, if you start to consider that Security is actually Risk Management, you can start determining the best countermeasures to proactively and cost-effectively mitigate your losses.

By determining the vulnerabilities that are most likely to create loss, you can then compare the potential losses against the cost of the countermeasure.

This allows you to make an appropriate business decision as to justifying and allocating a security budget.

More importantly, if you can make such a business decision, you can justify increasing security budgets for additional countermeasures. The key is to be able to specifically identify an area of potential loss.

The goal of a security program is to choose and implement cost-effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss.

This paper discusses the management of Risk and how Vulnerability Management is one of the few counter-measures easily justified by its ability to optimize risk...
