budget

Caro CISO, ti suggerisco di parlare d’affari con il tuo CdA, evita tecnicismi.

Caro consiglio di amministrazione e caro CISO Penso che dovremmo sempre considerare il nostro lavoro come una parte del business. Abbiamo finalmente iniziato a prendere in considerazione la sicurezza informatica e la protezione dei dati come un problema serio, ma ora la domanda è come valutare un rischio nei nostri piani di analisi e di business… Usualmente la documentazione e le relazioni per l’analisi di rischio, presentati nelle aziende (se e quando vengono presentati ovvio) si limitano, per la maggior parte, all’uso di valori generici (rischio alto, medio, basso), ma non sembra che si usi specificare qualsiasi metrica. Senza metrica è difficile…

Security and Risks Updated

When I’m talking about security with customers, partners or at an event the first question I usually receive is: how much this will cost to me? This is an understandable question, costs have to be monitored and expenditures have to be planned wisely;  how much I can spend on security is a quite interesting topic. The problem, alas, is that usually IT managers do not use a clear model when planning investment in security but seemed to be attracted more by strange inner believes than an empirical analysis of cost and benefits. Another point that I’ve always found quite curious is that…

Digging it up on Security Costs and Security Budgets – part1

In my previous article, security costs and security budget, I made some assumption to simplify an introductory analysis on how much we should spend on security. Some of those assumptions have been made to simplify out tasks. Today I would like to quickly analyse some of those simplifications. One of the biggest assumption I made on the previous article is that if a problem cost us X then we can find a number n that express the number of incidents I’m allowed to permit so that nX can express the cost I’m allowed to accept. This simplification was based on…

Security Costs and Security Budgets

When I’m talking about security with customers, partners or at an event the first question I usually receive is: “how much this will cost to me?” This is an understandable question, costs have to be monitored and expenditure have to be planned wisely, the problem of  how much I canshould spend on security is a quite interesting topic. The problem, alas, is that usually IT managers do not use a clear model when planning investment in security but seamed to be attracted more by strange inner believes than a empirical analysis of cost and benefits. Another point that I’ve always found quite curious is that I’ve…

Posts navigation