Comsec Consulting Launches The IT Security Cost-Restructuring Approach And Publishes A Supporting Advisory Paper “Managing The Cost Of Information Security”

January 2009 by Marc Jacob

Comsec Consulting announces the launch of an IT security cost-restructuring approach aimed at improving the cost-efficiency of information security solutions. In addition, Comsec announces the availability of a supporting advisory paper providing the methodologies required to manage the cost of information security.

Over the last 20 years Comsec Consulting has developed a full set of comprehensive information security services and within these engagements has improved clients’ risk profile and remediated compliance issues. Recently, Comsec Consulting, drawing upon its proprietary in-house developed methodologies, has pulled together all of the best practices in information security and has formulated a new approach aimed at IT security restructuring, specifically to respond to the current financial climate. This methodology can lead to higher efficiency with potential cost savings in IT security, as well as maintain, and in some cases reduce, the risk profile of the enterprise, through security simplification.

As described in the Advisory Paper, by using the Comsec Security Architecture it is possible to group the IT security restructuring into the following categories:

· Standardisation and Industrialisation – includes embedding the security into the enterprise, through standards, such as Security Development Lifecycle (SDLC), which will remove the threats earlier in IT projects and reduce re-coding costs. As Comsec has provided SDLC services directly to software product companies, as well as enterprises, we have seen a one-hundredfold increase in security cost-efficiency in comparison to relying purely on the testing phases.

· Consolidation and Optimisation of Security Controls – removing unnecessary security technology and improving processes. Each year new security technology and additional controls are layered on top of existing systems. However, these are often done without examining the change in the threat landscape, which results in potentially older redundant controls, e.g., consolidating firewalls and intrusion detection solutions, where externalisation has opened up ports making some of the network segmentation unnecessary.

· Utilising Security Features – utilising security features across other divisions of the business and capitalising on inbuilt software technologies, providing central management and ongoing cost reduction as well as increased security. Many features, such as those found in identity and access management, can lead to cost savings in other parts of the business, e.g., if there is a single view on the user-base, better software license terms can be arranged.

· Simplification – simplifying the security environment can aid in cost containment and reduction and will also lead to a more secure enterprise. For example, simplifying training by combining SOX, ISO27001 and PCI IT security awareness will be both cost-efficient and actually more beneficial to the end users, as many of the messages in these disciplines overlap.

· Supplier Management – through consolidating suppliers of security services, cost reduction can easily be achieved through economy of scale, reduction of procurement costs and global pricing. For example, after gaining in-depth knowledge of an enterprise application, security white box testing on incremental changes, rather than full penetration testing, can reduce cost expenditure.

