How to Strengthen Network Security on a Smaller Budget

 
 
By Jon-Louis Heimerl  |  Posted 2010-04-14

IT departments are continually looking to upgrade their network security, but often have limited budgets. As management continues to lower funding for information security initiatives, IT staff must look for ways to spend dollars that will get them the most bang for the buck. Here, Knowledge Center contributor Jon-Louis Heimerl offers five tips for IT professionals on how to strengthen their network security on a smaller budget.

Times are tough. The economy is down. Spending is controlled. And your budget is cut. Specifically, your security budget has been hacked to pieces because ROI for security is a pretty tough sell. As management continues to decrease funding for IT and information security initiatives, IT professionals need to focus spending dollars where they will get the most for their money.

The reality is, in today's economy, information security professionals must do more with less funding, less training and, more often than not, not enough internal staff to support the organization's business requirements. So, as IT budgets continue to shrink, how can you secure your network? Here are five tips on how to improve your security program by doing more with less.

Tip No. 1: Share the load

Chances are there are a variety of groups within your organization that have some responsibility for information security. At most kickoff calls, attendees include representatives from several different business units who are all required to provide project support.

Start identifying people now from areas besides the information security group, such as audit (yes, audit), IT, human resources and legal, to determine if your current initiatives match theirs, and then consolidate. You will need as much leverage as possible to support your needs and requirements, so partner with your internal people to see how they are planning to meet their requirements. See if you can leverage resources to achieve a common goal.

For example, if you have any PCI (Payment Card Industry) initiatives, did you know that if you have people who are trained to perform external penetration testing, you do not need to hire an external firm to meet your 11.3 requirements? You just need to make sure your people scope the environment accurately, and then work with your PCI assessor and your internal audit group to determine if they will accept the report. Save any dollars here for application security testing or any other initiative that requires specific expertise.

 



 
 
 
 
Jon-Louis Heimerl is Director of SAAS Development for Solutionary, Inc. Jon-Louis has over 25 years of experience in security and security programs. His background includes everything from writing device drivers in assembler to running a worldwide network operation center for the United States government. Jon-Louis has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. His consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises. He can be reached at jonheimerl@solutionary.com.
 
 
 
 
 
 
 
