News
Making Security Work When Staffing is Tight
When you can't afford new hires, there are plenty of ways to give the people you have better security scruples. (Part One in a series: How to Manage Security in a Recession)
By Bill Brenner, Senior Editor
June 19, 2008 —
About this series: Smaller staff. Deflated security budgets. In-store thievery. When economic times are tough, these are the things security pros must contend with. In this ongoing series, CSO magazine looks at ways to ensure the best security possible during a recession.
One of the basics of Security Management 101 is that you should make the most of the staff you have and get them as much training as possible. But it's easy to lose sight of that when times are good, operating budgets are fat and attention shifts to hiring more bodies and investing in the latest commercial security tools.
The conventional wisdom is that security is a safe sector to work in during the current economic slowdown, since companies always need security pros to help ensure regulatory compliance, prevent data breaches, and protect assets and revenue. But industry experts warn against complacency. After all, they say, security hiring can take a hit along with everything else when times get tough.
"Many businesses decide to cut back on security when times get tough, and realistically this should be a time where adequate or even increased security makes more sense," says Roger H. Schmedlen, a Michigan-based consultant specializing in physical security and loss prevention. "Security is often hard to justify in a measurable way. When there are few apprehensions, this is often because security has minimized the exposure and is doing a good job. But management may take this to mean that there is little need for security."
To maintain security during a staff shortage, experts say it's important - even critical - to pour time and money into security awareness programs and training to boost the security savvy of existing employees, whether they work in that area or not.
Meanwhile, experts say security can be maintained during staff shortages through strict enforcement of industry standards and regulations.
"Probably the most important thing a company can do is invest in the education and training of staff," says John Bambenek, a security consultant from Illinois.
Making all employees part of the security team
Bambenek, who specializes in network security, intrusion detection and forensics, notes there are plenty of open source tools available for security shops that can't afford the latest and greatest defensive mechanisms. Existing commercial tools can also be better maintained or tweaked with the right scripts. But to make these things work, employees need constant training, he says, adding that "trained staff know how to make the most of their abilities to get the job done, even without commercial tools."
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- How to Offer the Strongest SSL Encryption
- Solving Online Credit Fraud Using Device Reputation
- Forrester Reports 321% ROI Through Device-Based Fraud Management
- Enterprise Management Associates: Taking the Botnet Threat Seriously
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
