Sunday, August 26, 2012

Information Security screw-up #3 - it's all about financial sense


Many of us, as information security professionals, would love to have best-of-breed security technologies in place. Most of us are paranoid and want things to be as secure as possible. However, that's not how the real world works, at least not in an enterprise environment. The current state of the world economy is not helping either, adding insult to injury.

This story is about the same "young" Information Security lad....

Mr. Global CISO: Ok, team. Now it is again time for us to propose our budget for next year. I expect each of you to prepare a budget proposal for your region and come back to me by the end of this week. Then we shall discuss. What you want to do with your region, I'll leave it to you, as long as it makes sense.

Young Information Security lad: No worry sir. You'll get it by the end of the week.

Right after the meeting, the "young" information security lad opens his laptop and starts to list all the potential information security projects. After giving it some thought, he decides to give the "laptop encryption" project the highest priority.

Mr. Global CISO: So, what do you have for me?

Young Information Security lad: Mr. Global CISO, here are the projects that I have in mind for my region. I would like to highlight to you this particular project - laptop encryption...

Mr. Global CISO: That sounds interesting. Looking at your proposal, you proposed to have all the laptops - that would be around 50,000 laptops in your region, as it would cost 200 EUR for each laptop, that would be 1 mil. EUR in total. Now, imagine I'm the CEO. Try to convince me why I should give you this 1 mil. EUR?