How Much Should I Expect to Spend on Web Security?
Wednesday, November 25, 2009 at 03:24PM By Rob McAdam
When addressing the issue of web security there are two ways to phrase the question concerning what to spend on IT security. The first question is: How much should I expect to spend on web security? The second question is: How much will it cost the company if I don't spend enough on web security? Of course a business not only needs to spend money on system security; that money must also be spent on effective security systems and reviews.
In today's economic climate the issues of security have come to the forefront as web site hackers and computer system attacks grow globally. When looking at the issue of systems and software security, you must consider potential company losses due to online theft, the return on investment for having adequate security, and the need to stay ahead of the brilliant hackers able to manoeuvre their way through even the most sophisticated multi-leveled software systems.
In March 2009 a hacker group proved that hacking can reach into customer databases without a company even knowing. A UK newspaper, "The Telegraph", was compromised by a hacking group, and the newspaper found out when the nameless hacking group posted screenshots and other information on the internet, gleaned from their hacking of a 700,000 customer base, as proof of their success.
Upon reading the story more closely, it seems The Telegraph was using 2-year-old third-party code that simply was outdated in the world of sophisticated hackers. When hackers obtain access to customer credit card data, personal information, or government identification numbers, it won't take long before a company finds itself losing business because the targeted market is unwilling to take a chance on accessing their website.
Cost of Doing Nothing
There is a cost to doing nothing when it comes to securing a website. The research shows that up to 10 percent of a company's IT budget may be dedicated to hardware and software security. In most cases it is probably closer to 3 to 6 percent of the budget. Smaller businesses tend to spend smaller percentages of their IT budget on security because of lack of resources more than anything else.
But the fact is hackers can ruin a small business as well as a large business. Deciding what to spend on a web security system is dependent on a number of factors. One of the overriding factors is the type of business itself. For example, a bank or investment business will need state-of-the-art server, router, and operating system security in place in addition to regular security assessment and penetration testing.
Even as you read this article, hackers are devising new ways to penetrate firewalls and break into websites in order to steal information. Your business should be working just as hard to protect the system as hackers are working to break into it. Implementing a security system without regular assessment and upgrades is the same as doing nothing. That is what The Telegraph newspaper discovered with their two-year-old system.
Mitigating Risk
Mitigating risk is certainly one of the main reasons for security assessment. The underlying infrastructure and code, employee access capabilities, and customer use of systems must be reviewed regularly for new vulnerabilities. The most common vulnerabilities include SQL injection, URL manipulation, cross-site scripting, cookie poisoning and the database server.
Other factors determining how much should be spent on IT security include the following.
* Government regulatory compliance
* Sophistication of system including use of wireless networks, remote access to computer system, dependence
* Need to assure customers system meets industry security standards and best practices
* Rate of past incidents of security breaches
* Size of the potential losses in the event a computer system is attacked
The one thing a company cannot afford to do is to do nothing. Computer data and system protection costs should be budgeted at a rate that gives a company the assurance it can provide customers safe access to its websites and no access to hackers.
Article Source: http://EzineArticles.com/?expert=Rob_McAdam