
| Subject: | Re: Looking for Sample Security Budget |
|---|---|
| Date: | Mon, 29 Sep 2003 20:31:56 -0600 |

Start with staffing costs.
Don't forget insurance.
I'd invert your list - put people and process first since they will be
the major costs. Technology and technological upgrade is easy to "push
out to next year" or finagle in other ways - heck, it's often a tax
deduction and since it has "book value" as a tangible it's easier to
justify. Which means you have to work harder on the intangibles, which,
in the long run, are the ones that are really important - education and
awareness.
On Mon, 2003-09-29 at 21:59, James Bowman wrote:
> Have been tasked with contributing numbers for a 2004 security budget. Any thoughts on what I may be leaving out? Yes, I know this can be based on the goals of the organization, priorities, etc. But think well-balanced... Here's what I feel should be covered:
>
> NIDS and Firewall logs - Hire managed services to perform audits?
> Anti-virus and compliance checking
> Vulnerability scanning
> IPS?
> HIDS agents, (critical servers and sampling of workstations)
> Tripwire or facsimile
> Honeypots/nets
> Patch management
> Asset and Risk determination tools
>
> Lots of training and seminars, end-user education
>
--
Anton Aylward CISSP CISA <anton@si.on.ca>
System Integrity