IT security on the cheap

Security pros share tips from Twittering virus alerts to DIY awareness videos

Network World
March 25, 2009 04:34 PM ET

Network World - BOSTON -- Everyone's looking for a handout these days and IT security pros are no exception.

A panel of IT experts, including those from Bose, Brown University and Genzyme, shared tips about "cheap but good" IT security solutions at Wednesday's SecureWorld Boston event.

David Sherry, CISO for Brown, noted that his team exploits free Web 2.0 tools and open source software to support its efforts. Among other things, the IT team issues alerts via Twitter to call attention to virus threats and has used a blogging program to test out a plan for keeping in touch during a storm or disaster that might keep workers from getting into the office.

Sherry, who came to Brown about eight months ago from the financial industry, said the change from the very locked-down nature of the financial industry to the Wild West university setting came as "a real slap upside the head." One difference has been the school's willingness to employ open source software tools, and he encouraged those even in more buttoned-down organizations to give them a whirl. "You will not find 'cheap but perfect' when using open source," but you might find good enough tools that can save you tens of thousands of dollars vs. commercial offerings, he said. "Tools are getting better and upgrades are coming faster in part because more people are using them and giving more feedback." Sherry noted that Brown runs risk assessments on open source tools just like it would on any other tools.

Being at a university, Sherry said it is only natural to look to students for inexpensive or even free labor, such as during the summer to do penetration testing. He recommends that non-university organizations call around to local schools to see if students are available for internships they might do for free or a nominal stipend.

Sherry said there's also something to be said for centralization, which can cut down on costs of various departments having their own security administrators.

In the spirit of cost cutting, Brown has also examined all of its IT contracts and gone back to vendors to ask for price breaks, whether it's straight discounts or extending contracts for lower rates. "It will not shock your vendors if you ask them," Sherry said. Brown has also done away with maintenance contracts for some products.

Another tip: come up with offsite storage exchange programs with other organizations. He acknowledges that there is a higher degree of collaboration in the educational field than in the finance industry for this sort of thing.

Also offering advice was panelist Terri Curran, director of information security at consumer electronics maker Bose. She said: "Look outside your country but look inside your company."

What she meant by "look outside your country" is that there are plenty of free resources about security awareness, identity theft and the like available on government Web sites around the world (she specifically mentioned the Netherlands as having good videos and slide decks on antivirus and other topics). While not all such documents will directly apply across countries, she’s found that you can pick and choose, and that it beats starting from scratch. She also mentioned Interpol as a good source of such documents.
