This week we are dubiously celebrating the 20th birthday of the first release of the first computer virus. More info: [url=http://news.bbc.co.uk/2/hi/technology/3257165.stm]http://news.bbc.co.uk/2/hi/technology/3257165.stm[/url]
Author: admini
Security CIRTs must be a certainty
Companies that are not obligated to have one may question whether they need a formal CIRT. Those companies believe there is in-house expertise to sort out incidents, but they should ask themselves whether there is a system to alert the necessary people when an incident occurs.
The first job for a CIRT is to assess the scope of the damage and figure out how to lessen it, not necessarily to gather evidence. The optimal CIRT would consist of core members from IT auditing, information security and corporate security, in addition to the legal department. Each group brings a different skill set to the team. “If someone questions the CIRT team’s response, then the auditor will make sure the report is auditable,” Poulios said. As such, the auditors should probably handle the evidence gathering so that the chain of custody is preserved.
More info: [url=http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci935950,00.html]http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci935950,00.html[/url]
Devious virus attacks on the rise
Virus and hacker attacks have shot up by 20% in the first six months of this year, according to security experts.
With companies experiencing an average of 38 attacks a week, ensuring that vulnerabilities in their systems are patched or otherwise fixed is “critical” to their survival.
To protect themselves, companies and home users need to use a combination of protective safeguards.
More info: [url=http://news.bbc.co.uk/2/hi/technology/3154806.stm]http://news.bbc.co.uk/2/hi/technology/3154806.stm[/url]
Banking on IT: Compliance, Commitment, and Credibility
CIOs should provision contingencies for business continuity and address the disaster recovery and continuous availability of systems to minimize the impacts of outages and to further ensure the IT organization’s credibility.
A note of caution, however: meeting a two-hour recovery time objective (RTO) typically costs about 10x regular operating costs.
Short-term vs. long-term compliance activities: Some CIOs will find it necessary to provide for a longer implementation period in light of their organization’s risk profile, level of resilience, and unique business circumstances.
Bottom line: CIOs must commit to robust recovery capabilities and prepare the IT organization to respond to a wide-scale disruption by adopting sound business continuity planning (BCP) and disaster recovery (DR) practices.
META Group originally published this article on 29 October 2003.
More info: [url=http://techupdate.zdnet.com/techupdate/stories/main/Banking_on_IT.html?tag=tu.scblog.meta.6673]http://techupdate.zdnet.com/techupdate/stories/main/Banking_on_IT.html?tag=tu.scblog.meta.6673[/url]
Money Well Spent
When it comes to budgets, less can be more.
Compare, for instance, your security budget with the annual salaries of professional football players. You’ll find that both are based on tangible and intangible valuations.
For many CSOs, their departments’ cost-center status is not just an accounting designation, it’s a state of mind. The good news is that the CSO is no longer the corporation’s poor relation.
In a worldwide study conducted by CIO (CSO’s sister publication) and PricewaterhouseCoopers released in October of this year, approximately 7,500 CEOs, CFOs, CIOs, CSOs, and vice presidents and directors of IT and information security were polled on their security spending habits.
When asked to compare their 2003 security budgets with 2002, 45 percent of the survey’s respondents indicated that their budgets would increase a little, with 17 percent claiming that the increase would be significant. Only 8 percent of respondents said that their budgets would decrease.
It turns out that increasing funding is not just a wish or a goal for the CSO, it’s a strategic initiative. A full 30 percent of respondents reported that one of their top strategic objectives is to expand that budget even more.
When respondents were asked what factors presented a barrier to good security measures at their organizations, a limited budget far outweighed any other response.
Tips:
– Be the Chief Self-Esteem Officer
CSOs need to be calm, deliberate and forceful.
– Don’t Pass the Buck, Pass the Check
Look at exactly what is included in the security budget. Are there projects and programs that shouldn’t be there? CSOs must do the legwork of selling business units on the benefits of new security technologies and programs.
– Practice Pavlovian Security
CSOs can save themselves considerable budgetary wrangling when they lean on policies, procedures and behavior modification techniques instead of expensive technology solutions.
– Become a Fast Follower
Security is one area where there is no prize for first place. That’s especially true when CSOs waste their budgets on new technologies that aren’t quite ready for prime time.
– Communicate Early and Often
CSOs may be good at talking with their teams, but when it comes to their executive peers, they’re typically not as skilled.
– Believe in Vendors
Turn those arm’s-length relationships into strategic partnerships and you can squeeze a much greater benefit out of the money you’re already paying vendors, and offload security tasks that you don’t have the budget to do in-house.
– Use People, in a Good Way
“I would rather pay more money and have fewer officers than have a whole bunch of officers that don’t know what they’re doing.”
Security doesn’t have to make money; most of the time it will be a cost. One area that most CSOs agree is ripe for cost savings is guard contracts. That is challenging because guards become “an emotional fixture.”
More info: [url=http://www.csoonline.com/read/110103/money.html]http://www.csoonline.com/read/110103/money.html[/url]
US-listed firms may face IT security audits
Under the draft, prepared by Representative Adam Putnam, the audit must be conducted by an independent party and assess “the risk and magnitude of the harm that could result from the unauthorised access,” alteration or destruction of company computers.
“Given the magnitude of the threat and the depth of the vulnerabilities that exist today, it is imperative that we address this matter aggressively and collaboratively in order to enhance the protection of the nation’s information networks on behalf of the American people and the US economy,” Putnam said in a statement this week.
Miller said the final recommendation could include legislative, regulatory or self-regulatory approaches.
More info: [url=http://news.zdnet.co.uk/business/0,39020645,39117721,00.htm]http://news.zdnet.co.uk/business/0,39020645,39117721,00.htm[/url]