Security's Everyman

Security's Everyman

Monday, September 10, 2007

New Poll is Up

I just put up my new poll for this week. Here is the questions and answers to choose from.

In your Organization are most security purchases based on

Reaction to an event or scare
Cool Toy "C" level wants to implement
Careful Research
Good salses pitch by vendor
Other

If you select Other please leave me a comment and let me know how your company decides on what to buy.

5 comments:

sekots said...

I chose other because our IT budget is at 1.4%of revenue and Security gets none of that.

Alex said...

risk reduction :)

LonerVamp said...

I picked careful research, mostly because we don't buy things without doing some team evaluation on whether we really need it.

Cool C-level toys are typically general IT things and not security-related, in my experiences. Those being part of IT purchases (or wastes of time when they ask for careful research) are still too numerous...

Some products/initiatives do come after a scare or incident. In my current company's case, we'd never looked at disk encryption until the past year, entirely due to mgmt hearing so much about the issue. It's always been there and hasn't really changed at all in 3 2 decades (I say 2 to account for the portability of equipment and data). Thankfully, media coverage has opened doors for us to fill that gap. (Assuming we ever find an FDE product we're happy with that plays well with Altiris...)

Allen Baranov, CISSP said...

I'd say its actually a combination of all of the above for me. An attack or request or something comes in from business for security or monitoring or such. The security guy finds a cool toy and tries to implement it, we then find alternatives, make a project, check them out and deploy.

A large driving factor is also Audits which is not an option but I think should be. A bad audit finding for us gets a lot more money than a good idea.

Dr Anton Chuvakin said...

Huh? Where is compliance in that?

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.