Government Security
Network Security Resources

Jump to content

Photo

Poll: If You Could Only Fund One Security Item?

- - - - - security network virus patch
  • Please log in to reply
6 replies to this topic

Poll: What would you choose? (13 member(s) have cast votes)

If You Could Only Fund One Security Item What Would it be

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#1 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 03 February 2009 - 01:44 PM

Ok I figured this is a good question with budgets tightening down so much. If your CFO or your boss came to you and said. "We can only put one item in the budget for anything related to security" What would you choose? I am going to keep this pretty open as to what constitutes an item in information security.

I am defining security as basically anything that help protect your systems from intrusion or a regulatory issue. So what would you spend your money on? Would it be Enterprise Anti Virus for workstations? Or would you focus on patch management? Or would you focus on the border of your network?

Obviously funding one item does not make your network secure but it would be interesting see what people choose.

#2 Jeremy

Jeremy

    Commander in Chief

  • Retired Admin
  • 2,459 posts

Posted 03 February 2009 - 02:53 PM

Where is training on the list? Hopefully, you already have the tech in place. Continual training is the best defense once you have a basic security perimeter and end user protection in place.

#3 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 03 February 2009 - 04:23 PM

That is a great point jeremy so I added it. Some serious training for users would probbaly have a long lasting impact for preventing problems all year long.

#4 Glyph

Glyph

    General of the Army

  • GSO Management
  • 1,603 posts

Posted 04 February 2009 - 07:41 AM

Have to agree with Jeremy.. all the rest can be 'cobbled' together out of miscellaneous resources.. but without the training you'll likely not show the best roi for your effort.

#5 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 04 February 2009 - 08:41 AM

Also you could probably create a pretty reasonable information security program your self with little to know cost. A good way to really stretch that dollar.

#6 Jeremy

Jeremy

    Commander in Chief

  • Retired Admin
  • 2,459 posts

Posted 04 February 2009 - 09:25 AM

The cost is not the trainer or materials, it is the cost of having all those trainees spending half a day sitting in a class and getting paid while not being "productive"
If you spend $1000 for a day long training of 10 people, you could easily be spending 3 times that amount to pay those people to attend the training.

PS I am biased about training since I work in the education realm.

#7 beardednose

beardednose

    Retired GSO First Lieutenant

  • Sergeant Major
  • 1,917 posts

Posted 04 February 2009 - 10:22 AM

I picked workstation AV because every computer user has the potential to come in contact with malware, and in most cases, users don't have to do anything.

I like training users, but the problem is that it ususally doesn't stick or they don't care.

I would add to the poll one item which I would select over the others: Management support of standard security practices.

That will help bring about more change. It's also the answer to most of the CISSP exam questions. ;)
Don't post just a THANKS! Here's why...

Forum Rules you need to know...RuLeS





Also tagged with one or more of these keywords: security, network, virus, patch