News
5 Tips for Managing Security in a Recession
As company purse strings continue to tighten in a tough economy, can security afford to manage risk and even be a business driver? Art Coviello, President of RSA, gives CSOs some tips
By Joan Goodchild, Senior Editor
Coviello also suggest repurposing people to avoid layoffs and to strategize more efficiently. That was the case recently at RSA when security incident and event manager systems allowed more automation of events. Staff that was previously in charge of tasks now automated got reassigned.
"We didn't lay those people off. Instead of growing our cost base 25 percent we were able to keep it flat," said Coviello.
Build repeatable processes
Creating standardized ways of doing things can go a long way towards creating efficiencies, states the report. Different units often have different ways of doing the same things. Can that be changed to run security more efficiently?
Coviello pointed to what the report refers to as "low hanging fruit," for easily gaining efficiencies, such as identity and access management. Does every division really need, for example, a different ID Admin Request mechanism or a different Privilege Access Management System?
"A key point is, don't reinvent the wheel," said Roland Cloutier, CSO with EMC Corp., in the research summary. "There are incredible opportunities throughout a company to leverage assets from other groups to reduce the cost of ensuring the protection of a company. That may be from IT, Audit, or the Finance group. Spend the time looking at what's already been done rather than just going and doing it again. Then trust and use the information from your internal partners."
Create an optimal shared cost strategy
"Everyone has their hand out for shared costs these days and a lot of those hands are getting slapped," said Coviello. "But the thought here is security needs to be considered in any budget and you shouldn't just rely on the core security organization to constantly be funding these. It's fundamental to any effort that you have."
According to the research, there are three categories of security activities, and each is typically paid for differently. The three categories are: Security strategy and knowledge management, critical day-to-day operations, and project engagement. Determining cost sharing can be tricky, but is essential.
"In an era when the business environment is very dynamic, how do you distribute the resources where they're needed?" said Bill Boni, corporate vice president of information security and protection for Motorola, in the report. "How does the security team guess how many resources they're going to need in order to manage all of the requirements across the organization? Instead of building a security empire, have the organizations own the incremental assets. Security provides the standards and has a governance program."
RSA
Log Management in a Cyber World
With so many potential cyber villains poking around the gates, enterprises must have strong protections and pristine visibility into what's happening on the network. Explore the increasing importance of log management as cybercrime and other malicious threats grow.
Comparing Research in Motion and Microsoft Mobile Solutions
Organizations must look carefully at the requirements of mobile devices and accompanying middleware that can increase cost, complexity and administrative overhead. This white paper provides an independent analysis and detailed comparison of RIM and Microsoft's mobile solution.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
