
Selling Security to the CFO

How to make a credible case for spending money on IT security.

“Shut it down, now!” The guy issuing this command was my chief information security officer (CISO). The “it” he ordered shut down was our entire Internet infrastructure. That infrastructure was generating more than $2 million of high-profit revenue every day. After a sleepless night he had finally figured out why we were suffering a prolonged denial-of-service attack. Our firewalls should have been flawlessly deflecting this attack, but they weren’t. The “bad guys” were on us like flies on a dead dog.

His sudden realization was that the firewalls had been reloaded without any of the most critical defensive rules. The cause of this attack turned out to be human error, but the event triggered a complete review of our Internet security, followed by a decision to beef up our defenses and outsource much of our security administration and monitoring.

Back in the good old days, security consisted of a few firewalls and some virus protection. The threats have outgrown those simple defenses, and the cost has outgrown the approval level of the CISO and, sometimes, that of the CIO. Fortune 500 companies are finding themselves with security expenditures that require CEO and even board-level approvals. Each one of these companies comes with a beady-eyed chief financial officer demanding a rock-solid business case with a credible return on investment.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.