Despite the perception that companies are increasing security spending, a recent survey of IT security professionals found that security budgets make up a smaller portion of overall IT spending than previously thought. The survey, conducted by Midvale, Utah-based Burton Group, found that security budgets typically make up about 2% of IT budgets. That number is significantly lower than earlier estimates, which put security spending at 6% to 12% of IT budgets. This week, Burton Group analyst Pete Lindstrom discusses the survey and why a smaller security budget could be a good sign.
Security Wire Weekly: Shrinking IT security budgets
(2:53) Introducing Pete Lindstrom.
(3:39) How surprising are the survey results? Are budgets trending downward?
(5:48) Is this an alarming trend?
(7:11) How should CISOs respond to a shrinking IT security budget?
(8:42) CISOs typically fall three levels below the company CEO. Is that a surprising find?
(11:50) Are there any market trends that could change the makeup of the IT security organization?
Pete Lindstrom is a senior analyst at the Burton Group. His research has an emphasis on security metrics, risk management, Web 2.0/SOA/Web services security and securing new technologies. Lindstrom was research director for security consultancy Spire Security and was an analyst with the Hurwitz Group.
Oracle patches serious holes with latest CPU: Vulnerabilities in Oracle Application Server can be exploited remotely to hijack a system, according to Oracle's latest Critical Patch Update.
Mapping the path toward information security program maturity: Amid tight information security budgets, it can be hard to recommend the best ways to invest new dollars or focus new resources. In this tip, Ed Moyle explains why creating a security program maturity map is a sensible way to not only track a program's growth, but also isolate and correct inefficiencies.