Where do we spend the money?

I was involved in a debate today where three opposing views were being taken with regard to implementing a hypothetical new online application. Given a limited budget, should most of the money be directed towards network, application or data security?

Personally I believe that a more holistic view of the situation is required. We need to understand the way the organisation works, the cultures, the regulatory environment and so on, not to mention physical security, security awareness, training and a myriad of other factors.

When looking at new systems I prefer to work out a set of security requirements based on the risks rather than breaking things down into technical categories. We need to consider the risks, describe the controls that work to mitigate them, and then consider the degree of affinity towards the risk that each of those controls has.

Once we’ve considered which controls are most effective – and what we might presently be lacking – then we can describe the security requirements and where we’re going to spend the money.
