Questions tagged [budget]

11 questions
21
votes
1 answer

Secure Development costs

What case-studies or references are available from companies who have implemented a secure development process (eg, SDL or similar) around the cost/effort involved. Whilst each development department is likely to be a unique case, it is still…
Rory McCune
15
votes
3 answers

How much does a security audit cost?

For a PHP CMS, what should I expect to budget for a security audit, both whitebox and blackbox? The codebase is about 85,000 LOC ("Lines of Code") and I would probably use a North American company for testing. I really have no idea if an audit would…
VirtuosiMedia
12
votes
3 answers

How much money does it take to equip a fully funded black hat team? How much money to defend against such a team?

Richard Bejtlich wrote in July 2009 the following: "I submit that for $1 million per year an adversary could fund a Western-salaried black hat team that could penetrate and persist in roughly any target it chose to attack." (from…
Tate Hansen
10
votes
2 answers

How do you compare risks from your websites, physical perimeter, staff etc

In assigning budget rationally - ie proportionally to the risk in a particular area, how can you calculate the relative risks? I can think of examples where clients of mine have secured their websites very well, but have no security on their front…
Rory Alsop
9
votes
4 answers

How to estimate the cost of an application vulnerability?

I've seen data on the cost of a breach including a lot of surveys and research by Verizon and the Ponemon Institute. But in terms of an actual vulnerability, what are the factors to consider to determine the cost? A few things I had in mind are: Risk…
Epoch Win
7
votes
2 answers

What are the most effective methods for getting security funding within an organization?

A common problem when working in large organizations is securing funding for a security program. These programs compete against other business units and various business objectives for funding which creates a common scenario where the security team…
Trey Blalock
4
votes
3 answers

Is it worth implementing a firewall on a web server you control?

I see the main reasons for a firewall on a web server to be defense in depth and extra cushion for a possible admin error of running an unnecessary daemon. I'm trying to see if I am overlooking something. I am thinking that in a situation where you…
m33lky
2
votes
2 answers

Is any of my data shared with my budgeting app yet?

So I downloaded this budget manager app called Emma, created an account, until it brought me to a login page where I was supposed to enter my bank account details. I didn't expect this, and I wasn't thinking and started to enter my username and…
ming
1
vote
0 answers

Industry average for security as a percentage of product budget?

Let's assume the product is pure software or a blend of software and cheap commodity hardware. Is there any work showing what the average industry spending is on just the security aspects as a percentage of the total product development costs? I do…
Cat Nap
0
votes
0 answers

Security risk of using a budgeting app connected to bank accounts

I've been tracking my budget the old way for a few years now by using Excel spreadsheets that have my checking account ledger, and monthly expenses broken down to categories. But I have noticed more people have moved to using apps to track their…
-1
votes
1 answer

Good starter WiFi adapter under $30 for experimenting with Kali Linux

I am interested in learning how to get into a network and then intercept and modify traffic and am looking to get a WIFI adapter that will let me use the tools in Kali Linux. I have done some research but I am having trouble finding something that…