This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."
Download it now to read this article plus other related content.
Who's On First?
Infrastructure complexity spawned concern among respon- dents in several areas, notably identity, access and vulnerability management, and reporting mechanisms.
|Where's Your Money Going?|
and password and provisioning management technologies.
Some managers are reticent to dive into expensive identity management systems until the industry settles on implementation standards. "Like most organizations, we don't want to commit to a vendor-specific approach that will constrain our ability to deliver flexible solutions in the future," says Jon Stanford, chief security officer for the American Criminal Investigators Network.
Meanwhile, access control technologies like two-factor authentication and enterprise single sign-on remain a wait-and-see proposition in most organizations. A quarter of the survey respondents said they'd be spending more on both technologies in 2006, but some, like Stanford, are still cautious of hidden costs, like the replacement of lost tokens.
While most organizations have their patching processes down pat thanks to automated tools and scheduled patch-release cycles from Microsoft and Oracle, vulnerability management remains a top operational priority. Spending on network vulnerability scanners and patch management tools is expected to rise. Security managers also want to improve the integration of vulnerability, patch and configuration management tools into a single console. Spending is expected to head upward there as well.
This was first published in December 2005