Managing Security in Economic Downturns

You don't need to read this blog for news on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 global economic depression. However, several people have asked me what it means for security teams, especially when Schneier Agrees: Security ROI is "Mostly Bunk". No one can generate cash by running a security team; cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best we can do is save money. If your security team generates cash, you're eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r a MSSP, a collection agency of some sort (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se do exist, believe it or not!), in need of being spun-off, or not accounting for all of your true costs.

Putting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ROI debate aside, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se are tough economic times. Assuming we can all stay employed, we might be able to work cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 situation to our advantage. Nothing motivates management like a financial argument. See if one or more of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following might work to your advantage, because of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 downturn.

1. Promote centralization and consolidation. The more large organizations I've joined, consulted for, or met, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more I see that successful ones have centralized, consolidated security teams. There's simply not enough skilled security personnel to protect us, and spreading cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talent across large organizations leaves too many gaps. Think of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 pockets of talent distributed across your own company, and how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir skills could be applied organization-wide if properly positioned. If head counts are threatened, make a play for creating a single central group that helps cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole company and bring cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best talent into that team.


2. Convert business security leaders into local experts/consultants. If you work within a large company, your individual business leaders may not like seeing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir local staff join a larger company-wide organization. However, those that remain in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 business should now be free to focus on what is unique about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir business, instead of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 minutiae of managing anti-virus, firewalls, patches, and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r "traditional" security measures that are absolutely vanilla functions which could be outsourced overseas in a heartbeat. What's more valuable, a security leader who can run an AV console, configure a firewall, and apply a patch, or one who can advise cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir business CEO on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 risks, regulations, and realities of operating in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir individual realm? Notice I said leader and not technician. Technicians do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 routine tasks I mentioned and are ripe for outsourcing; don't cling to that role unless you wanted to be replaced by a Perl script.


3. Advocate standardization where it makes sense. For example, is it really necessary to have more than one "gold image" for your common desktop/laptop user? Why develop your own image when cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Federal government is doing all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 work for you with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Federal Desktop Core Configuration? Turn cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 team that creates your own image into a much smaller one that tweaks cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 FDCC, and redeploy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 personnel where you need cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m.


4. Cut through bureaucracy and authority barriers with a financial knife. This one really bugs me. How many incident responders out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re lose time, effectiveness, and data because 1) you don't know who owns a victim computer; 2) finding someone who owns cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 computer takes time; 3) getting permission to do something about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 victim requires more time? You can probably make a case for reduced help desk costs, fewer support personnel, and faster/more accurate/cheaper incident response if you gain cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 authority to perform remote live response and/or forensics on any platform required, minus some accepted and reasonable exclusion list. This requires 1) good inventory management; 2) forensic agent pre-deployment or administrator credentials to deploy and agent or scripts as necessary; and 3) mature processes and trained people to execute.


5. Simplify and build visibility in. An example comes from my post Feds Plan to Reduce, Then Monitor. What's cheaper than 1) identifying all your gateways; 2) devising a plan to reduce that number; and 3) building visibility in? Step 1 takes some effort, step 2 might strain your network architects, and step 3 could require new monitoring platforms. However, when done, you're spending less money on gateways, less time scoping intrusions, and less resources on scrambling during incident response because you know all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ways in and out of your organization -- and you can see what is happening. This is a no-brainer.


6. Move data, not people. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 principle I mentioned in Green Security. I'm sure your travel budget is being cut. Why fly a security person around cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world when, if you achieve cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 goals in step 4, you can move cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data instead? And, if you're building visibility in, you have more data available and don't need to scramble for it.


7. Wrap everything in metrics. This one is probably cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most painful, but it's definitely necessary. If you can't justify your security spending, you're more likely to be cut in a downturn. This doesn't mean "security ROI." What is does mean is showing why your approach is better than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 alternatives, with "better" usually meaning (but not always) "cheaper." It can be difficult to capture finances in our field, but I have some ideas. One is intrusion debt. If you've recently hired any outside consultants to assist with security work, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir invoices provide a ton of metrics opportunities. (You have a tangible cost that you wish to avoid by taking steps X, Y, and Z in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future.) Metrics can also justify team growth, which is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next step out of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 downturn. Be ready!

If you have any ideas, please post cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m here. I think this is an important topic. Thank you.

---

Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best rates.