Risk Management: Bridging Policies and Procedures - Fundamental Security Concepts
Designing security architectures is not so difficult, providing you have a good road map. Policies and procedures within the organization are that road map to effective and efficient security designs. Risk Management is the bridge between the two. One huge element in the risk management process is determining the security return on investment (ROI). As the Security Manager for your firm, how do you justify security spending for firewalls, intrusion prevention systems, content filters, two-factor authentication systems, and so forth to business managers? Many managers see security spending as red ink on the ledger. In today's business environment, companies want or demand an ROI. This white paper discusses risk management as a key process in designing security architectures, including a better way for security managers to approach the security ROI issue.
Bernie L. Dixon
Bernie L. Dixon is a Certified Information Systems Security Professional (CISSP) and System Security Certified Practitioner (SSCP). He has over 30 years experience in the field of computer and network security, including cryptography. Bernie served 25 years in the United States Air Force, where his responsibilities included analyzing and resolving communications and computer security-related problems. Upon retirement, Bernie became the Manager of Information Protection for AT&T Technical Services in San Antonio, TX, where he was responsible for communications-computer security. After 3 years, he served as the Director of System Security for Access Research Corporation. Bernie started his own company in November 1997 and has done network security consulting for companies like TRW, Unisys, Ascend (now Lucent), Department of the Treasury, Department of the Air Force, and NSA. He wrote two security courses for Global Knowledge titled Designing Security Architectures and Check Point NGX CCSA/CCSE.
- Global Knowledge
- 10 Dec 2008
- 11 Oct 2008
- 6 Page(s)
- White Paper