Most organizations follow an operational
budget and pay little attention to security. In fact, security
spending is often an afterthought. Of course, IT pros know that
spending money up front on security can often save companies more
money in the long run.

However, it can often take some extra effort to
convince those who hold the purse strings that a proactive security
strategy is usually your best bet. Budget decision makers need to
see where security dollars are going, and they need to understand
the impact of these funds on the operational health of the
network.

To help make your case, I suggest creating a
regular report to show the powers-that-be the return on investment
for security spending. If you don’t begin internally publicizing
the positive and proactive impact of your security solutions, then
you’re failing in your reporting aspects—and you’re missing a
chance for creating visibility.

Begin by calculating what it would cost to
restore the most mission-critical server and workstations on your
intranet after a virus or black hat renders them useless. Increment
that value for each new virus and attack that works its way onto
your network.

The easiest way to get the word out is through
e-mail communications. Use your security devices to generate
reports, and create a daily or weekly summary of security
events.

E-mail this report to your boss, and copy his
or her boss. This report should keep people informed of what the
security administrator is
doing and provide visibility of your positive contribution to
network operations.

Develop a specific report style, and stick to
it. Keep your security reports simple; limit yourself to one page,
and include links to in-depth background information for the
headline topics on your report.

Sending daily or weekly e-mail reports is a
good start. However, your ultimate goal should be a security Web
page on the company’s intranet and a security monitoring Web page
for your network operations center.

If you’re unsure about what to include on these
pages, check out some of these security monitoring sites on the
Web.

  • Internet Storm
    Center    : This is an excellent source for data to include on your
    page. The World Map section shows the top ports that people are
    actively scanning.
  • Internet Traffic
    Report    : This site has an excellent health index that details
    speed and availability of backbone networks around the globe.
  • Symantec
    Security Response    : You can customize a security alert box to
    feature live virus activity levels and reports of virus in the
    wild.

If your intrusion detection system can’t
display live data in a Web format, I suggest implementing Snort, a reportable, open source
IDS. You can display that data using Analysis Console for
Intrusion Databases (ACID). ACID has incredible functionality
and generates an exceptional high-level interactive report on live
intrusion events that are taking place on your network.

Final thoughts

Most organizations look at network security
spending as red ink on the company budget. To show them otherwise,
develop a method of showing the positive impact of security on your
network.

At the very least, your managers will feel
better informed, and your users will gain an understanding of the
work that goes into protecting the network.

Miss a column?

Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins’ column.

Worried about security issues? Who isn’t? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.