Slashdot Mirror


Survey On Security Investment Trends

whoisjoe writes "Information Security Magazine has an interesting article (although it's in PDF) on the trends and effects of security spending by organizations. Basically, organizations tend to spend less per machine as they grow, and the effectiveness of their investment tends to depend more on the share of the IT budget than the absolute amount."

3 of 67 comments

  1. Return on investment by k0ala · · Score: 2, Interesting

    Typical of major corporations to try and drive the bottom line by cost cutting in areas that in today's tech environment are probably the most dangerous over the long term. Of course when something happens it's simple to blame human error and crucify the IT department for not doing their job.

    --
    "Hollowpoints: When you care enough to send the very best."
  2. Spending per capita versus by bluephone · · Score: 3, Interesting
    The idea that fixed spending per capita versus a share from a budget shouldn't surprise anyone. Merely taking into account volume discounts of products brings the per machine cost down. But this does bring up a good point for execs to look at, in that security doesn't HAVE to cost a lot to be effective, if the spending is done wisely. Too many execs skimp on security due to fear of cost, and perceived low ROI, and underestimated exposure risk. It's the typical "It happens somewhere else, but never here" mentality that affects too many sections of society.

    The problem from the clients I've interacted with over the years has rarely been that they spend too much due to wanting X dollars per machine, but in their failure to realize that they too may be vulnerable to threats that they think can't happen. As in many cases in this industry, the bulk of the problem lies about 20 inches in front of the screen. I've often found that some money spent on education is what is needed the most.

    --
    jX [ Make everything as simple as possible, but no simpler. - Einstein ]
  3. Lies, damn lies, and statistics by mmoncur · · Score: 4, Interesting

    Hmmm. Only 215 "qualified respondents" that provided "reliable information". Then they divide them into small, medium, large, and very large sites. Assuming small networks outnumber large ones by a long shot, just how many "very large" networks (10,000+ machines) could they be getting results from?

    Between the questionable statistics and the bizarre correlation between security and sex mentioned in the first paragraph, this article is nothing but a large serving of Buzzword Soup topped with noise and a sprinkling of anecdotal evidence, with yummy USA-Today-style pie charts for dessert.

    --

    It's Slashdot's evil twin... SlashNOT