
Information security cost management report

Comsec Consulting Global : 21 January, 2009  (New Product)
Cost re-structuring initiative from Comsec Consulting for IT Security supported by report on the management of IT security costs
Comsec Consulting announces the launch of an IT security cost-restructuring approach aimed at improving the cost-efficiency of information security solutions. In addition, Comsec announces the availability of a supporting advisory paper providing the methodologies required to manage the cost of information security.

Over the last 20 years Comsec Consulting has developed a comprehensive set of information security services, and within these engagements has improved clients' risk profiles and remediated compliance issues. Recently, Comsec Consulting, drawing upon its proprietary in-house methodologies, has pulled together best practices in information security and formulated a new approach to IT security restructuring, specifically to respond to the current financial climate. This methodology can lead to higher efficiency with potential cost savings in IT security, as well as maintain, and in some cases reduce, the risk profile of the enterprise through security simplification.

Stuart Okin, Managing Director, Comsec Consulting UK, says, "There are a number of studies which have estimated that spend on information security can range up to 15% of the IT budget, with additional costs hidden within the business. Early in 2008, analysts were still anticipating a growth of the IT security market of 29% in the US and Europe. However, due to the current economic climate, business priorities are shifting and areas such as spend on security may be under pressure, when in reality the threats may be on the increase. The methodologies behind Comsec's IT security cost-restructuring approach provide enterprises worldwide with the ability to restructure existing security programmes and operations and in some cases reduce IT security spend, without compromising the level of information security."

As described in the Advisory Paper, by using the Comsec Security Architecture it is possible to group the IT security restructuring into the following categories:

Standardisation and Industrialisation - includes embedding security into the enterprise through standards such as Security Development Lifecycle (SDLC), which will remove the threats earlier in IT projects and reduce re-coding costs. As Comsec has provided SDLC services directly to software product companies as well as enterprises, we have seen a one hundredfold increase in security cost-efficiency in comparison to relying purely on the testing phases.

Consolidation and Optimisation of Security Controls - removing unnecessary security technology and improving processes. Each year new security technology and additional controls are layered on top of existing systems. However, this is often done without examining the change in the threat landscape, which can leave older, potentially redundant controls in place. An example is consolidating firewalls and intrusion detection solutions where externalisation has opened up ports, making some of the network segmentation unnecessary.

Utilising Security Features - utilising security features across other divisions of the business and capitalising on inbuilt software technologies, providing central management and ongoing cost reduction as well as increased security. Many features, such as those found in identity and access management, can lead to cost savings in other parts of the business, e.g., if there is a single view of the user base, better software licence terms can be arranged.

Simplification - simplifying the security environment can aid in cost containment and reduction and will also lead to a more secure enterprise. For example, simplifying training by combining SOX, ISO27001 and PCI IT security awareness will be both cost-efficient and actually more beneficial to the end users, as many of the messages in these disciplines overlap.

Supplier Management - through consolidating suppliers of security services, cost reduction can easily be achieved through economy of scale, reduction of procurement costs and global pricing. For example, after gaining in-depth knowledge of an enterprise application, security white box testing on incremental changes, rather than full penetration testing, can reduce cost expenditure.

Mr Okin says, "As security projects often involve several different departments and stakeholders, all with different risk appetites, they can suffer from frequent delays and scope changes. Therefore with a centralised agenda, as well as a clear cost focused business case, security programmes and operations are going to be implemented faster and more efficiently, with an overall improvement to the enterprise's risk position."