Building better Cyber Security Business CaseNowadays, it's become quite apparent how IT vendors are presently pitching the importance of building a business case. Merchants desperately want to provide IT professionals the information needed to convince skeptical unit managers to buy their wares for the betterment of society. Take action and build a strong Cyber Security process planIn any event, here are two practical—or at the very least serviceable—guides in building a useful patch management process and business case based on the research papers published by two industry giants within the IT and PC industry. After all, an unpatched vulnerability is the surest way to lose company productivity, increase the risk for legal consequences, and decrease customer confidence in your company's networking-related abilities. In addition, the total expensiveness of an exploited security hole can quickly and easily trump the cost of patching it. It even enumerates the steps needed in order to streamline and optimize the business case for its intended task of organizing vulnerability patches. It further contends the importance of forming a bug and patch group and recommends a charter to detail the team's tasks and duties. The straightforward-to-the-point-of-blandness guide contains a lot of links and practical advice on policy creation as well. According to Bruce Schneier problem of insecure programs are economicIn regards to application security business cases, it's important to remember the main problem of all insecure programs. According to Bruce Schneier, a world-renowned security guru, vulnerable applications are primarily an economic problem instead of a technological one—a point that Hewlett-Packard approvingly cites in its calls for building a business case for web application security. It's quite obvious that HP's argument about security risks from Internet-based programs validating the need to commit to secure application procurement and development is a sound one, even though it appears less evident to many of their potential clients. |