Security is the one of the greatest pariah's of the modern computing world. Everyone feels the need for it, but cannot understand why, until it is too late. No one will agree on what security really is. For many IT shops, security is simply a butt covering exercise.
Security can simply be defined as Making the cost of an action greater than its benefit. This may seem quite simplistic, but is an easy statement for non security staff to understand. The issue will always be as to how to define the cost to an organization. For a banking firm, the cost of a security breach may very well be the entire companies livelyhood. Furthermore, security spans across complete IT shops from the network engineers to the software developers. A concerted team approach is required. Simply putting in a firewall is not enough. Many shops do not even do security evaluations of code. Many software administrators are so enamoured with the software they manage that they tend to think it will not have security issues (How many Microsoft installations have been hacked due to administrator inattentiveness?).
KCSI prefers a systamatic approach to security. Security starts at the top, and must be strongly supported by management. Security should be broken down into sub components, which an authorized, skilled and above all respected resource should lead. Simple review processes at all levels along with useful monitoring provide the basis for security. At that point, it is up to individual resources to do their job. By having senior management instill security as a job requirement, individuals get a sense of job satisfaction as security is maintained. This sense of job satisfaction must be communicated by senior management.
Unfortunately, it is tradition for specific groups within an IT shop to not get along, even actively seek to undermine other groups. With IT dollars in scarce supply, networks wants more, servers want more, software developers want more, etc. It must be understood that security is one of the few areas which cross boundaries among IT shops. Security is an area where different IT people can agree. Approach as a team, execute as a team, and be rewarded as a team, and your IT shop will see benefits beyond simply increased security.
KCSI has done work in specific areas of IT Security, included Threat Risk Assesments, monitoring, defense against denial of service attacks, code inspection and system vulnerability checks. We would be pleased to help you with any security related issues or endevours.