I was asked a really interesting question in an interview yesterday: given a budget, which areas of security spending produce the greatest and worst (or negative) ROI?
my answer:
positive: SSO/OAuth, hardware keys
worst: DAST, DLP, honorable mention to poorly configured IDSs
what’s your answer?
=> More information about this toot | More toots from april@macaw.social
@april I think it depends a bit on where you start from and how big the budget is with respect to what would be necessary.
For example, pentests can have a great ROI if and only if you already have some baseline and the budget to fix the findings that will inevitably come up.
If the budget is extremely tight, it may be best to do nothing (new) and instead give your admin(s) some slack to catch up on their day-to-day tasks.
=> More information about this toot | More toots from weddige@gruene.social
@april pentests without the budget to fix any of the findings might be an example of a negative ROI: you have the same problems as before, but now more people (including your own employees, who got the report) know about them.
=> More information about this toot | More toots from weddige@gruene.social