Building a Better Cyber Security Business Case
It has become quite apparent that IT vendors are pitching the importance of building a business case. Merchants desperately want to give IT professionals the information needed to convince skeptical unit managers to buy their wares for the betterment of society.
Putting aside the idea that the promotion of vendor products is something that only vendors should be concerned with, having to argue for network security staples like a web application security strategy or a proper patch management process shows how low the standing of the IT department has fallen and how high the stock of the penny-pinching executive has risen.
Take action and build a strong Cyber Security process plan
In any event, here are two practical—or at the very least serviceable—guides to building a useful patch management process and business case, based on research papers published by two giants of the IT and PC industry.
According to Dell's guide, building a business case for patch management is the most important step in procuring executive support. After all, an unpatched vulnerability is the surest way to lose company productivity, increase the risk of legal consequences, and decrease customer confidence in your company's networking-related abilities. In addition, the total cost of an exploited security hole can quickly and easily trump the cost of patching it.
Dell's paper outlines and summarizes the bureaucracy and processes usually involved in patch management. It even enumerates the steps needed to streamline and optimize the business case for its intended task of organizing vulnerability patches. It further stresses the importance of forming a bug and patch group and recommends a charter to detail the team's tasks and duties. The straightforward-to-the-point-of-blandness guide contains a lot of links and practical advice on policy creation as well.
According to Bruce Schneier, the problem of insecure programs is economic
With regard to application security business cases, it's important to remember the main problem of all insecure programs. According to Bruce Schneier, a world-renowned security guru, vulnerable applications are primarily an economic problem instead of a technological one—a point that Hewlett-Packard approvingly cites in its calls for building a business case for web application security.
Because web software tends to be more sophisticated than the average PC program, it creates more opportunities for hackers to attack and spread chaos over a given network. HP's argument that the security risks of Internet-based programs validate the need to commit to secure application procurement and development is quite obviously a sound one, even though it appears less evident to many of their potential clients.
In any case, HP's business-case-building guide starts with a discussion of business case models for web program protection and ends by outlining where its innovations and technology are placed within the application cycle.