Metrics and Budgets

Metrics and Budgets news, information, and how-to advice

SIEMs-as-a-service addresses needs of small, midsize enterprises

Traditional security information and event management systems are expensive, require dedicated security staff, and are difficult to set up and manage -- but managed security service providers are stepping in to make SIEMs practical...

Shall we care about zero-day?

Gartner says that 99% of exploited vulnerabilities are publicly known. Does it mean we can ignore zero-days?

Yahoo shows that breach impacts can go far beyond remediation expenses

Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included...

Cybersecurity: is it really a question of when, not if?

Can you imagine your banker saying “it’s not a question of if I lose your money, but when will I lose your money”?

Navigating the muddy waters of enterprise infosec

Information security finally has executives’ attention, but aligning with business needs is still challenging.

Security challenge: Wearing multiple hats in IT

Handling both security and IT duties involves a daily balancing act for the resource-constrained IT organizations that must take this approach. But along with the challenges, there can also be benefits.

Is security making the grade? What IT and business pros really think

When it comes to security, who’s in charge, where do roles and responsibilities overlap, and what are the biggest challenges to aligning infosec and business goals? A joint CSO, CIO, Computerworld survey sheds some light.

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training

How do you measure success when it comes to stopping Phishing attacks?

What's considered a win when it comes to phishing? This question was posed to IT workers and non-executive types earlier this month, and everyone had a different opinion on the topic. The general feeling among defenders was that a...

Key questions to mull as you head into infosec budgeting season

Tips for getting the budget past the financial people - from the financial professional's perspective.

What’s in a security score?

In May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of enterprise security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and...

Insurers working to fill cyberinsurance data gaps

Insurers are starting to expand their services to better educate their customers about cyber risk and even help them defend against attacks before they happen and deal with the fallout when a breach does occur.

Can crowd security testing be cost efficient for web apps?

Can Bug Bounty programs be a cost-efficient complement for security testing of modern web applications?

Training helps CISOs stay relevant

Lack of funding, resulting from poor business alignment, is the biggest risk facing any security program. The SABSA security architecture methodology can help solve this problem.

Three ways to align security programs to enterprise strategy

Security teams often struggle with how best to articulate security value in business terms, and with aligning security priorities with enterprise strategy. All security programs depend on business owners for success, so it is...

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But what if those circumstances are bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up...

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do and who gets to be on one.

Cybersecurity spending: more does not necessarily mean better

Cybersecurity is not something you can just buy, but something you should thoroughly build.
