Educause Security Discussion mailing list archives
Re: Security team and budget
From: dsarazen <dsarazen () BRANDEIS EDU>
Date: Wed, 2 Mar 2016 08:53:40 -0500
Hi Theresa,
Has your institution completed an IT risk assessment? If so, that should give you a road map for short and long term
planning. If not, maybe you should spend some money on conducting a risk assessment.
Good luck,
Dan
Sent from my Verizon Wireless 4G LTE smartphone
-------- Original message --------
From: Theresa Rowe <rowe () OAKLAND EDU>
Date: 03/01/2016 12:56 PM (GMT-05:00)
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Security team and budget
Hi,
After a recent security audit, the auditor suggested that the security budget, inclusive of staffing, was underfunded.
Using Gartner and other data, for a university our size, the suggested budget was around $500,000 to $700,000. We are
at 45-55% of that amount.
At first I thought a major difference would be what we spend on staff; there are two staff members on the team. But
when I go to Educause Core Data, and compare our Carnegie class and a created group of identified peers, 2 is the size
of the team.
This makes me wonder what we are not buying in our security budget. We have AV, logging (hosted Splunk), and the usual
stuff, or so I thought.
Would anyone be willing to share details about what is included in their security budget?
Thanks in advance -
--
Theresa Rowe
Chief Information Officer
Oakland University
Current thread:
- Security team and budget Theresa Rowe (Mar 01)
- Re: Security team and budget Akbari, Amir (Mar 01)
- Re: Security team and budget David Seidl (Mar 01)
- Re: Security team and budget Youngquist, Jason R. (Mar 02)
- Re: Security team and budget Theresa Rowe (Mar 02)
- Re: Security team and budget Hugh Burley (Mar 02)
- Re: Security team and budget Theresa Rowe (Mar 03)
- <Possible follow-ups>
- Re: Security team and budget dsarazen (Mar 02)
- Re: Security team and budget Spahr, Todd M. (Mar 02)
- Re: Security team and budget dsarazen (Mar 03)