Securing a Security Budget: Probable Threats vs. Describable Threats

One of the greatest challenges for any security professional is to convince management to provide an adequate budget to protect corporate assets. One of the more recent trends in the industry is to provide management with a calculated return on...


RSS Online
There are numerous other methods for identifying and tracking probable threats. One of the newest mechanisms for tracking news regarding threats and vulnerabilities is to subscribe to various RSS services. RSS, or really simple syndication, provides the opportunity to receive news stories and alerts from varied sources and have them consolidated in one place. It eliminates the task of searching numerous Web sites for relevant information. It is a time saver and an excellent tool.

To take advantage of RSS feeds you need an RSS aggregator, which can be found either as a standalone application or as a plug-in for your Web browser or e-mail client. Two popular downloadable aggregators are BottomFeeder (www.cincomsmalltalk.com/BottomFeeder) and Pluck (www.pluck.com). Several channels that might prove helpful include

To learn more about how to use RSS feeds, read "Tech Guide: How to Read RSS Feeds," which can be found at tinyurl.com/6sy4h.

Prioritize and Communicate
As you start cultivating resources for pertinent information regarding current threats and issues, you may run into information overload. As an example, while researching this article I got caught in the Alert Zone: I spent more time reading alerts and headlines than actually writing the article. It is important to have mechanisms in place to prioritize the threats, especially if your firm has limited resources. Start with local alerts and advisories. If businesses in your area have encountered attacks or problems, chances are your business is at risk.

Cultivate working relationships with other individuals in your industry, including competitors. Learning that your industry has suddenly become a target can be extremely useful in determining probable threats. Once local and industry resources have been checked, reach out to resources like InfraGard that address issues that directly impact the national infrastructure. If there is a threat to the power grid in your area, it might be time to review business continuity plans. Check other sources as you find them.
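
The triage order described above (local first, then industry, then national infrastructure) can be applied directly to the items an aggregator collects. The following is an added example, not part of the original article; the feed content, the keyword lists and the names SAMPLE_FEED, TIERS, parse_items and triage are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample feed (RSS 2.0); titles, links and keywords are made up.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed alert feed</title>
<item><title>Phishing wave hits Springfield credit unions</title>
<link>https://alerts.example/1</link><description>Local banks report fraud.</description></item>
<item><title>New worm targets retail point-of-sale systems</title>
<link>https://alerts.example/2</link><description>Retail chains affected.</description></item>
<item><title>Advisory: regional power grid disruption risk</title>
<link>https://alerts.example/3</link><description>Utilities on alert.</description></item>
<item><title>General warning of unspecified cyber attacks</title>
<link>https://alerts.example/4</link><description>No targets named.</description></item>
<item><title>Phishing wave hits Springfield credit unions</title>
<link>https://alerts.example/1</link><description>Duplicate from a second channel.</description></item>
</channel></rss>"""

# Tiers follow the article's order: local first, then industry, then national infrastructure.
# The keyword lists are assumptions; replace them with your own region and sector.
TIERS = [
    ("local", ["springfield"]),
    ("industry", ["retail", "point-of-sale"]),
    ("national", ["power grid", "infrastructure"]),
]

def parse_items(feed_xml):
    """Return (title, link, description) tuples from an RSS 2.0 document."""
    root = ET.fromstring(feed_xml)
    return [(i.findtext("title", ""), i.findtext("link", ""), i.findtext("description", ""))
            for i in root.iter("item")]

def triage(feeds):
    """Merge feeds, drop duplicate links, and rank items by the first tier they match."""
    seen, ranked = set(), []
    for feed_xml in feeds:
        for title, link, desc in parse_items(feed_xml):
            if link in seen:
                continue
            seen.add(link)
            text = f"{title} {desc}".lower()
            for rank, (tier, words) in enumerate(TIERS):
                if any(w in text for w in words):
                    ranked.append((rank, tier, title, link))
                    break  # unmatched items are left out of the short list
    return [(tier, title, link) for _, tier, title, link in sorted(ranked)]

if __name__ == "__main__":
    for tier, title, link in triage([SAMPLE_FEED]):
        print(f"[{tier}] {title} ({link})")
```

For feeds fetched from the network rather than embedded in the script, parse them with a hardened XML parser such as defusedxml.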

Keep in mind that you will still have to evaluate the threats before presenting them to management to support the need for additional resources. Always use probable threats, not possible threats. A creative mind can come up with numerous threats that could possibly happen, but in all likelihood will never cause a business problem. Yes, it is possible for a commercial aircraft to crash into a one-story building in rural Kansas, but the chances are so small as to be insignificant. In the eWeek article "Don't Freak out over E-Jihad," Larry Seltzer states the issue succinctly: "Unless you're a specific target, it's not worth focusing on unsubstantiated general warnings. The world is full of threats" (tinyurl.com/4z36p).

The ability to track probable threats only exists when people report problems they have discovered or suffered through. This means that many security professionals are willing to share their experiences and often their mistakes for the greater good of protecting the national infrastructure. This is extremely beneficial. If you are willing to learn from others, consider sharing your experiences so that others can help identify probable threats.

John Mallery is a security consultant specializing in the practical application of computer security and digital forensics. He can be reached at jmallery@malleryttc.com.