The application of network security policies will be a key topic at the analyst firm's network security briefing in London next week (4 February). Maxine Holt, senior research analyst at Butler Group, said, "There are a lot of organisations that do not even have a security policy."
Holt warned that a security policy is a crucial part of any firm's security strategy. She said, "It is all very well for organisations to spend hundreds of thousands of pounds on the latest network security solutions, but if they have not got the policy to back it up, they will not get the maximum benefit."
A report from Butler Group published in 2003 warned that some companies have responded to security hype from the media and suppliers by investing in security products just because they think they should.
But Holt believes that having an effective security policy and undertaking regular risk assessments can help users avoid unnecessary expenditure.
She said, "If you think it will take 90 seconds to hack into your network, there is no point in investing in security that will detect an intruder within 10 seconds, particularly if you already have the necessary technology in place."
Butler Group advocates a layered approach to IT security that encompasses a range of security products in different areas. These include anti-virus products, firewalls, intrusion detection systems and virtual private networks.
Holt advised users not to put all their eggs in one basket when buying security products. Companies should look for a best-of-breed approach, rather than buying all their products from the same supplier, she said.
Holt said her presentation at the network security event would also examine the feasibility of achieving a return on investment. She said, "What organisations have to do is to view security as an insurance and decide what the cost of not having it would be."