Valuing Security and Prioritizing Your Expenditures
Source: Dancho Danchev - Posted by Eric Lubow
I often blog on various market trends related to information security and try to provide in-depth coverage of emerging or current trends -- in between active comments. In previous posts "FBI's 2005 Computer Crime Survey - what's to consider?", "Spotting valuable investments in the information security market", "Why we cannot measure the real cost of cybercrime?", "Personal Data Security Breaches - 2000/2005" and "To report, or not to report?" I emphasized the following key points with respect to data security breaches and security investments:
- on the majority of occasions companies are taking an outdated approach towards security, one that is still living in the world of perimeter-based security solutions
- companies and data brokers/aggregators are often reluctant to report security breaches even when they have the legal obligation to, either because the breach still hasn't been detected, or because of a lack of awareness of what is a breach worth reporting
- the flawed approaches towards quantifying the costs related to cybercrime are resulting in overhyped statements in direct contradiction with security spending
- companies still believe in the myth that spending more on security means better security, but that's not always the case
- given the flood of marketing and the never ending "media echo" effect, decision makers often find themselves living with current trends, not with the emerging ones, which is what they should pay attention to.
It is often mistakenly assumed that the more you spend on security, the higher the level of security achieved, whereas that's not always the case -- it's about prioritizing and finding the most suitable metrics model for your investment.
Read this full article at Dancho Danchev