Security Tech Procurement Tips

December 12th, 2015 by admin

Ricardo Lafosse, CISO for Cook County, Ill., said that procuring enterprise security technology is an involved process that requires numerous steps to ensure it goes smoothly. He also offered the tips below for CISOs.

Ask Yourself Why

Lafosse said that before making a purchase, you should identify why you need the technology and how you came to that conclusion.

“You always want to buy the shiny new toy,” he said. “They look cool, but you don’t just go out and buy it.”

Ask Peers

“What’s really key are your peers,” he said. “I cannot stress this enough. Everyone deals with these [security] issues. In the Chicago area, we have a lot of great resources. We have our CISO group and a multi-state group. It is key to be a part of it because you can bounce ideas off everyone in an informal process. You get that actual first-hand experience from your peers.”


Start with a needs analysis before going out to the market, Lafosse said.

Consider Staff, Integration Requirements

Ensure that the new technology provides a good operational fit, he said.


“Unfortunately, we have a lot of examples,” he said. “Use those to your benefit as much as you can from a budgetary perspective. Demonstrate operational efficiency when looking for a new product. For example, if you are going to implement product X, you will reduce the help desk time to remediate by 20 percent. Having those rough numbers goes a long way.”

Business Case

“Re-emphasize why you are making this purchase,” he added. “For us, we used the figure from Ponemon of $154 per breach. The network access control was also going to allow people to self-service.”

The self-service capability was critical because Lafosse has only three people in his department.

“One of the key attributes for any new procurement is automation,” he said. “The security controls need to share information with each other. The more automation, the easier it is for us to protect our network.”


“Be candid with vendors. If you don’t like the solution, tell them,” Lafosse said. “Don’t waste your time, don’t waste their time. Offer clear-cut guidelines. It’s not fair if you don’t set rules of engagement upfront. If you are seeing everything move south, let the vendor know right away.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
