What can you do to maintain security in a large enterprise when your cyber budget is shrinking?
Director of Information Security in Manufacturing, 2 years ago
I realize that this may not be the same for everybody, but in my experience we are really happy to collect a large number of 'best in class' tools and platforms. Several of those tools have evolved and now overlap with other tools, sometimes with quite acceptable results. A critical review of the tool landscape can really help weed out some of those. As a nice by-product we found a tool that was simply not worth the money we have been paying and decided to terminate the license. The vendor countered with a much more aggressive quote. Pretty much like your cellphone or your insurance bill, if you don't ask for a lower price you will certainly not get it!
Chief Technology Officer in Software, 2 years ago
1. Use Layered Security Processes/Technologies
Every business needs to have a layered security approach to thwart cyber attackers and hackers. The importance of patch management cannot be overstated—confirmation of updated operating systems and applications is paramount. It’s important to install antivirus, spam detection, and filtering software on each computer, while also protecting the network via proper firewall configuration.
2. Consider Data Encryption Software
Encryption algorithms and keys play a critical role in preventing hackers from getting sensitive business information. This can be useful for data both at rest and in transit, as well as for portable media and device access.
3. Protect Mobile Devices
Every business is operating in the age of mobility where their workforce is often operating remotely. Consequently, mobile device management (MDM) and security are a vital part of IT security. Some of the ways to implement MDM are through the use of sign-on passwords, data encryption, and wireless connection encryption when using public networks.
4. Next-Generation Firewalls
Next-generation firewalls are a foundational element of preventing outside attacks to the network. Today, integrated firewall/VPN client solutions can automatically enforce fine-tuned security across a business’s network, as well as remote offices and on an individual user level. The many features of VPNs and next-generation firewalls enable administrators to:
Centrally manage security policies
Implement rule-based access controls
Define policies for different user groups
VP of IT Audit in Services (non-Government), 2 years ago
Ensure the basics are maintained... user training/awareness, access rights, multi-layered approach, ensure patches and upgrades are applied, appropriate configurations.
Chief Data Officer in Services (non-Government), 2 years ago
Crucially, know your environment and how to prioritize. I remember an incident years ago when a third party ran a vulnerability scanning tool on our website and reported a SQL injection vulnerability. Kept repeating that it was number 1 on the OWASP list and kept insisting that we had to fix it immediately. I had to shut them down as our website was basically informational and did not have a database behind it.
Secure Facilities Information Technology Manager in Manufacturing, 2 years ago
Maintain a well thought out cyber security training program for the employees that can be used over again with minimal revisions, as well as ensure that your core cyber security group understands the responsibilities of managing your network given the current budget concerns.