Cost of IT Security

This can probably be applied to any kind of security, but I will look at it from an IT guy's perspective, since that's where I'm sitting, looking out over the fields.

Once the day comes and your network/computer is breached, through loopholes or badly patched systems or whatever it may be, it will cost your company (a lot of) money. It can be through information theft, lost goodwill, or just plain hooliganism deleting important data. This cost is often booked as a "non-foreseen" cost, and your security department will get questions about why this or that happened and why the department costs so much money to run to begin with.

What the people with the money bags often don't realize is that this cost comes from executives "saving" money earlier on by launching services/applications that weren't ready for launch. It is the "Let's skip this, we can fix it later" kind of mentality, so the money starts pouring in as soon as possible. A mentality like that will eventually bite them in the butt when something bad happens.

If projects were run with security in mind from the beginning, and not as something that just pops up at the end of a project, money could be saved in the long run, and those extra invoices and overtime hours would be kept to a minimum. But this is a hard thing to teach the individuals with the money, because not only do they have to pay, they also have to show the owners that they can make money.

Marcus J Ranum (a very pleasant guy, by the way) has put his thoughts on this on the Firewall Wizards list quite elegantly.
