Monday, February 2, 2009

Information Security in a down economy

Many organizations are reducing their overall budgets, and new projects are being postponed or suspended. So what can we, as corporate information security professionals, do to enhance or maintain security levels? Some points to consider:

  • Renegotiate support contracts to get better pricing.
  • Find open source alternatives. For example, replace the host monitoring agents with OSSEC host agents, install Snort on an old, unused server, or replace commercial VA scan tools with open source alternatives.
  • Tune the existing tools to get maximum benefit.
  • Inventory the infrastructure and perform a risk assessment to find out whether you are paying attention to the right networks, systems, applications and data.
  • Prove the value of information security to the organization to secure whatever funding you can get.
  • Demonstrate that the previous investments are paying off.
  • Get involved in the business activities and propose information security solutions as part of the business projects.
  • Attend various webcasts and listen to podcasts as an alternative to paid training, so that you keep learning in the field of information security.

2 comments:

Anonymous said...

Point #3 is right on the money.

Anonymous said...

Excellent post; we use some of them at work.