Monday, July 14, 2008

Security on Tight Budgets in Lean Times

CIO magazine had this interesting article on their web site last week about running an IT security department when times are tough -- like now -- on thin budgets.

The article pointed out, among other things, that security professionals shouldn't get complacent about their jobs. Even though their function is important, when cuts come, they can be axed too. This is counterintuitive to the fact security spending should actually be increased in lean times, when desperate people are more likely to try hanky panky.

But the key message of the article was that if staff is light, then make everybody a security professional, so to speak, through security awareness training and education. Make the rest of the staff your security eyes and ears.

Though a bit unrelated, it reminded me of the human side of security, which Bruce Schneier emphasized again in a recent interview for CSO online. He clearly explains his evolution from hardcore techie to security generalist, applying social sciences to security behavior. Interesting stuff.


Post a Comment

<< Home