Organizations struggle with information security management due to lack of diligence, skill, and resources. Garter analyst Jay Heiser in his presentation at Gartner Security & Risk Management Summit held in National Harbor, Md. estimates that the information security spend is close to 5% of the IT budget. Now try to imagine having to prop up the organizations defenses using just a part of that budget; as a large part of the budget is lost to internal compliance and assurance activities.
What ends up happening most often is the “IT guy” also becomes the “IS guy” and security slips between the cracks of break-fixes, device configuration, email issues and other “more” important things. Compliance and security concerns are resolved by calling in various vendors and temporary consultants as security issues become more important (read critical).
Unfortunately information security operations require rigor, skill and expertise. There is a need for strategy (expertise) that is aligned to IT and business that manages the more tactical security program (skill) and the day-to-day operations (resources). There also need to be supporting systems to accelerate and automate delivery. And all of these needs to be in place at a very friendly price!
At Aujas we like to take up such challenges and yet deliver value. We have designed a service offering called Virtual Security Office (VSO) that when explained sounds like a duh moment due to its simplicity and underlying commonsense. We simply offer resources, skill and expertise in value delivering combinations as needed and charge you for the services consumed!
A information security generalist(s) are available on part time and/or full time (we cover onsite/offsite too) basis who will continue to support the operational elements like risk and compliance management, approvals, tracking, etc.; specialist(s) are made available for activities like infra & application assessments, audits, etc. and expert(s) are available when you are deciding on strategies and new initiatives.