Re: Security team and budget

["Akbari, Amir" <aa3840 () TC COLUMBIA EDU>]

Theresa,

Some things to think about if you haven't invested in them already,

   - Password Vault (ie LastPass)
   - Phishing Campaign tools
   - Security Awareness Training
   - Multi Factor Authentication
   - Network Access Control / 802.1x


Regards,
Amir

Amir Akbari
Chief Information Security Officer
Teachers College, Columbia University

[image: Inline image 1]


On Tue, Mar 1, 2016 at 12:56 PM, Theresa Rowe <rowe () oakland edu> wrote:

> Hi,
>
> After a recent security audit, the auditor suggested that the security
> budget, inclusive of staffing, was underfunded.  Using Gartner and other
> data, for a university our size, the suggested budget was around $500,000
> to $700,000.  We are at 45-55% of that amount.
>
> At first I thought a major difference would be what we spend on staff;
> there are two staff members on the team. But when I go to Educause Core
> Data, and compare our Carnegie class and a created group of identified
> peers, 2 is the size of the team.
>
> This makes me wonder what we are not buying in our security budget.  We
> have AV, logging (hosted Splunk), and the usual stuff, or so I thought.
>
> Would anyone be willing to share details about what is included in their
> security budget?
>
> Thanks in advance -
>
> --
> Theresa Rowe
> Chief Information Officer
> Oakland University



-- 


Amir Akbari
Chief Information Security Officer
525 West 120th Street, Box 43
New York, N.Y. 10027
T. 212.678.3920
E. amir.akbari () tc columbia edu <husain () tc columbia edu>