
Interview: Protecting data and IT assets in a recession


This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."


Today's economic climate may mean belt tightening for many security officers, but Anthony Meholic already learned how to do more with less when he joined Republic First Bank after working at global powerhouse JPMorgan Chase. The senior vice president and information security officer at the bank, which serves the greater Philadelphia area, knows what it takes to protect corporate assets in a tough economy.

How do you think the economic downturn will affect security budgets?

It's always been a real chore to justify an information security budget because you can't put a monetary figure on the return on the investment. Information security is there to make sure nothing [bad] happens, so if you're doing your job, nothing [bad] is happening. Given that you're already starting behind the eight ball, the economic upheaval in the banking industry is just going to put more of a burden on security professionals to get more funding. They'll have to learn how to live with less. Take good stock of your resources, the skill sets of your team, your networking infrastructure and see what you can do within the limited budget that you'll be getting.

Can outsourcing help?

It's certainly part of the picture. Going from JPMorgan to Republic First Bank, from a very large international corporation that had a large budget for security to a smaller regional bank that doesn't have the [same] resources, gave me good insight on how to manage and do more with less.


If you're a small or midsized bank, you might not have the resources to have an ethical hacking team like I had at JPMorgan, or you can't afford some of the more expensive tools. So you have to rely on vendors to perform some of these services. Typically, we have vendors performing our vulnerability assessments and penetration testing.

What else might help in lean times?

There are things you can do with a small team or a small budget. It's going back to basics. One of my main focuses when I come into a security position is to get a really detailed understanding of the flow of confidential and restricted data. You have to know where your data is going and who it's going to; once you know and understand that, you can start targeting areas of risk. You need to have a mature risk assessment process in place so you can prioritize these risk areas. Once you prioritize the risks associated with the various areas, you can start focusing your limited resources, whether it's budget, assets or staffing, on those areas. You probably won't cover every single one, but at least you've hit all the high-risk areas.

This was first published in January 2009
