Educause Security Discussion mailing list archives
Re: Security team and budget
From: "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Date: Wed, 2 Mar 2016 13:47:05 +0000
Theresa, Here are some ideas (not all in our budget) - · Network access control (NAC) · Vulnerability management · Laptop encryption · Security Information and event management (SIEM)/log management · Firewall(s)/VPN · Sensitive information scanning software · Anti-virus/anti-malware/ad blocking software · Anti-spam solution · Privilege management solution (ie. remove local admin) · Application whitelisting · 2-factor authentication · Mobile device management · Data loss prevention software (DLP) · Secure file sharing · Web application firewall (WAF) · Web application scanning/code review software · E-Discovery tools · Database activity monitoring (DAM) · Forensic software - Full packet capture/network/host-based forensic software · Host-based intrusion detection/file integrity monitoring · Network bandwidth/monitoring tools – ie. netflow collector · Pentesting software · Third party security audits · Security awareness training for faculty/staff/students · Security training/conferences/courses for security staff Jason Youngquist, CISSP, CISA, GWAPT, GCWN Senior Information Security Engineer Columbia College – Technology Services 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 jryoungquist () ccis edu<mailto:jryoungquist () ccis edu> http://www.ccis.edu<http://www.ccis.edu/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa Rowe Sent: Tuesday, March 01, 2016 11:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Security team and budget Hi, After a recent security audit, the auditor suggested that the security budget, inclusive of staffing, was underfunded. Using Gartner and other data, for a university our size, the suggested budget was around $500,000 to $700,000. We are at 45-55% of that amount. At first I thought a major difference would be what we spend on staff; there are two staff members on the team. But when I go to Educause Core Data, and compare our Carnegie class and a created group of identified peers, 2 is the size of the team. This makes me wonder what we are not buying in our security budget. We have AV, logging (hosted Splunk), and the usual stuff, or so I thought. Would anyone be willing to share details about what is included in their security budget? Thanks in advance - -- Theresa Rowe Chief Information Officer Oakland University
Current thread:
- Security team and budget Theresa Rowe (Mar 01)
- Re: Security team and budget Akbari, Amir (Mar 01)
- Re: Security team and budget David Seidl (Mar 01)
- Re: Security team and budget Youngquist, Jason R. (Mar 02)
- Re: Security team and budget Theresa Rowe (Mar 02)
- Re: Security team and budget Hugh Burley (Mar 02)
- Re: Security team and budget Theresa Rowe (Mar 03)
- <Possible follow-ups>
- Re: Security team and budget dsarazen (Mar 02)
- Re: Security team and budget Spahr, Todd M. (Mar 02)
- Re: Security team and budget dsarazen (Mar 03)