Most organisations follow an operational budget and pay little attention to security. In fact, security spending is often an afterthought. Of course, IT pros know that spending money up front on security can often save companies more money in the long run.
However, it can often take some extra effort to convince those who hold the purse strings that a proactive security strategy is usually your best bet. Budget decision makers need to see where security money is going, and they need to understand the impact of these funds on the operational health of the network.
To help make your case, I suggest creating a regular report to show the powers-that-be the return on investment for security spending. If you don't begin internally publicising the positive and proactive impact of your security solutions, then you're failing in your reporting aspects -- and you're missing a chance for creating visibility.
Begin by calculating what it would cost to restore the most mission-critical server and workstations on your intranet after a virus or black hat renders them useless. Increment that value for each new virus and attack that works its way onto your network.
The easiest way to get the word out is through email communications. Use your security devices to generate reports, and create a daily or weekly summary of security events.
Email this report to your boss, and copy his or her boss. This report should keep people informed of what the security administrator is doing and provide visibility of your positive contribution to network operations.
Develop a specific report style, and stick to it. Keep your security reports simple; limit yourself to one page, and include links to in-depth background information for the headline topics on your report.
Sending daily or weekly email reports is a good start. However, your ultimate goal should be a security Web page on the company's intranet and a security monitoring Web page for your network operations centre.
If you're unsure about what to include on these pages, check out some of these security monitoring sites on the Web.
- Internet Storm Centre: This is an excellent source for data to include on your page. The World Map section shows the top ports that people are actively scanning.
- Internet Traffic Report: This site has an excellent health index that details speed and availability of backbone networks around the globe.
- Symantec Security Response: You can customise a security alert box to feature live virus activity levels and reports of virus in the wild.
If your intrusion detection system can't display live data in a Web format, I suggest implementing Snort, a reportable, open source IDS. You can display that data using Analysis Console for Intrusion Databases (ACID). ACID has incredible functionality and generates an exceptional high-level interactive report on live intrusion events that are taking place on your network.
Final thoughts
Most organisations look at network security spending as red ink on the company budget. To show them otherwise, develop a method of showing the positive impact of security on your network.
At the very least, your managers will feel better informed, and your users will gain an understanding of the work that goes into protecting the network.
