Security Spending: Pound Foolish

When you're trying to eke savings out of a security budget, it can be tempting to tell yourself they are one-time cuts.

By Daintry Duffy

November 01, 2003 — CSO — When you're trying to eke savings out of a security budget, it can be tempting to tell yourself they are one-time cuts. "I'll get back on track next year when funding prospects are rosier," you promise. But some cuts are always a bad idea. The CSOs we spoke to recommend that their peers should never cut back their investments in the following areas.

Antivirus Update RenewalAntivirus is a staple of the security budget, and if the flurry of worms this past August taught you nothing else, it certainly illustrated the idea that virus and worm writers are a prolific crew. If they aren't going to take a break, neither can you.

Patching and Automated Patching Tools If only software manufacturers were as diligent and detail-oriented as virus writers. Until they are, patching will be another core function of the security group that can't be ignored.External Security Audits The external security audit is a huge line item, and security groups are often tempted to take it in-house for a year or so to avoid the exorbitant cost. But frequently the security staff is too swamped to do it, and it gets put off until the next year and vulnerabilities go unaddressed. Put your efforts into haggling down the cost of the audit, but don't forgo it.Perimeter Security You've heard it said that the corporate security perimeter is ever-expanding, so the perimeter defenses that you invest in should be growing in tandem. Intrusion detection systems and firewalls need to be updated and upgraded to keep pace with the rapid expansion of your network.

Read more about metrics/budgets in CSOonline's Metrics/Budgets section.

Other stories by Daintry Duffy

• Print

• Security Budgets: Money Well Spent
• Security Spending: The Dutch Granny Bike Equation
• Security Budget Benchmarks: Inside the Sausage Factory