QUESTION: HOW MUCH SECURITY DO WE NEED?

Jun 1, 2005 12:00 PM, LARRY ANDERSON, EDITOR


         Subscribe in NewsGator Online   Subscribe in Bloglines

Often in our industry, it seems we neglect to acknowledge the largest limiting factor related to how well we can protect our people, assets and facilities. That factor is money.

We spend a lot of time assessing security risks and designing possible remedies, suggesting perhaps that the level of risk decides the amount of security. But at the end of the day, the amount we spend on security is not determined by risk as much as it is by budget.

Does a risk become any less troublesome because there is not enough money in the budget to protect against it? Obviously not, and yet if that risk turns into an actual incident in a year or two, what happens? We blame a security failure, not a budget failure. We blame the security guys, not the management guys who made a decision that, in effect, involved ignoring a threat rather than paying to protect against it. How many of our security failures are, in the final analysis, a failure to provide the necessary resources to ensure the best security?

Our industry has done a lot to help security practitioners stretch the money they have to provide the best possible value — technology makes more things possible, and the cost of technology, in many cases, is going down because of economies of scale and the benefits of living in an IT/electronics-centric society. The result should be that our companies and institutions are safer today than ever before. If that is not true, the reason must be this: There are exponentially more threats than ever — and more different kinds of threats.

It's actually daunting if you think about all the various threats out there and the different ways we should be protecting against them. And yet, even allowing for efficiency gains from technology, we are limited by resources.

On the other hand, protecting against every single threat would spend all our money, in the process eliminating our profits and destroying the free enterprise system as we know it.

All we can do is provide the most protection for the amount of money on the table — and, please, let's be willing to acknowledge on the day after a costly security breach that perhaps we should have spent more.

YOUR THOUGHTS

We are looking for reader feedback. E-mail landerson@primediabusiness.com and tell us what you think!

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

This month in Access Control

Latest Jobs

Popular Stories

Resources

Back to Top