Dark Reading is part of the Informa Tech Division of Informa PLC


Dark Reading Radio: How To Get The Most Out Of Your Security Budget

Join us on Wednesday, May 18 at 1pm EDT/10am PDT, for a discussion with security executives on how to prioritize and manage your IT security budget.

Security budgets may be inching upward in many organizations, but that doesn’t mean IT security is actually getting the funding it truly needs, nor that security managers actually have the requisite talent and staff.

Take the recent Ponemon Institute 2015 Global Study on IT Security Spending & Investments, which found that nearly 60% of organizations are either unsure or don’t think that their organization has the resources to even meet compliance requirements. The 2015 InformationWeek Strategic Security Survey shows that nearly half of organizations with 100 or more employees say their security budgets were expected to increase in 2015. But at the same time, only 27% of them say they have sufficient IT security staff to properly protect their infrastructure and information.

In the next episode of Dark Reading Radio, we’ll explore how to most effectively and efficiently allocate security spending, tapping compliance, open source, cloud, and other strategies to get the biggest bang for your buck. And once you’ve prioritized your spending plans, including staffing, how do you pitch them to upper management for the win?

Join us on Dark Reading Radio on Wednesday, May 18 at 1pm EDT/10am PDT, where we’ll talk to enterprise security executives who face these issues from the trenches every day: Patrick Heim, head of trust & security for Dropbox and the former CISO at Kaiser Permanente, and Jonathan Trull, VP and CISO of Optiv, and former CISO of the State of Colorado, who will share their experience and insight on making the most of a security budget.



Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
