Operations

2/5/2018
02:00 PM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

7 Ways to Maximize Your Security Dollars

Budget and resource constraints can make it hard for you to meet security requirements, but there are ways you can stretch your budget.
2 of 8

Optimize Product Utilization
Before spending money on new or more security tools make sure you are getting the most out of what you already have, says Roselle Safran, president of cybersecurity consultancy Rosint Labs. Often, businesses that buy new tools end up not utilizing them fully or exploring all the ways the technology can be used, says Safran, a former manager of cybersecurity ops at the Executive Office of the President during the Obama era.
Products keep getting enhanced all the time and a tool that you purchased a year or two ago for a specific purpose may now have the ability to do other things. So before shopping for new products make sure you are harnessing all the capabilities of what you already have. 'Often, there are products that can cover several different tasks,' she says. 'Using all the capabilities that your products have is less expensive,' than splurging on more tools. Optimizing product use can be a great money saver, she says.
Image Source:  v2e via Shutterstock

Optimize Product Utilization

Before spending money on new or more security tools make sure you are getting the most out of what you already have, says Roselle Safran, president of cybersecurity consultancy Rosint Labs. Often, businesses that buy new tools end up not utilizing them fully or exploring all the ways the technology can be used, says Safran, a former manager of cybersecurity ops at the Executive Office of the President during the Obama era.

Products keep getting enhanced all the time and a tool that you purchased a year or two ago for a specific purpose may now have the ability to do other things. So before shopping for new products make sure you are harnessing all the capabilities of what you already have. "Often, there are products that can cover several different tasks," she says. "Using all the capabilities that your products have is less expensive," than splurging on more tools. Optimizing product use can be a great money saver, she says.

Image Source: v2e via Shutterstock

2 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Michael Lines
0%
100%
Michael Lines,
User Rank: Author
2/15/2018 | 3:07:00 PM
And start with risk...
All good points in terms of what companies can do to maximize the effectiveness of their security program. The item I would add, and suggest should be step one, is to view their security program through the lens of risk. What are the critical assets of the company (which can be data, business processes or systems), what are the most likely threats to those assets, what vulnerabilities exist against likely attacks, and finally what are the ramifications from a successful attack. From that, the CISO can develop a list of actions to close the gaps, prioritized by their risk score. Risk assessment and ongoing management allow the cash, time and staff-strapped CISO to make the most use of the limited resources they have to reduce the overall risk to the enterprise, and perhaps even more important, be able to justify what they are doing and why to their leadership and regulators. 
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.,  8/20/2018
Ohio Man Sentenced To 15 Months For BEC Scam
Dark Reading Staff 8/20/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15667
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can...
CVE-2018-15668
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate atta...
CVE-2018-15669
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are...
CVE-2018-15670
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if t...
CVE-2018-15671
PUBLISHED: 2018-08-21
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.