
A copy of the Advisory Paper ‘Managing the Cost of Information Security’ is available upon request.


London, Under Embargo 20 January 2009 – Comsec Consulting, a European market leader providing information security consulting services, announces today the launch of an IT security cost-restructuring approach aimed at improving the cost-efficiency of information security solutions. In addition, Comsec announces the availability of a supporting advisory paper providing the methodologies required to manage the cost of information security.

Over the last 20 years Comsec Consulting has developed a full set of comprehensive information security services and within these engagements has improved clients’ risk profile and remediated compliance issues. Recently, Comsec Consulting, drawing upon its proprietary in-house developed methodologies, has pulled together all of the best practices in information security and has formulated a new approach aimed at IT security restructuring, specifically to respond to the current financial climate. This methodology can lead to higher efficiency with potential cost savings in IT security, as well as maintain, and in some cases reduce, the risk profile of the enterprise through security simplification.

Stuart Okin, Managing Director, Comsec Consulting UK, says “There are a number of studies which have estimated that spend on information security can range up to 15% of the IT budget, with additional costs hidden within the business. Early in 2008, analysts were still anticipating a growth of the IT security market of 29% in the US and Europe. However, due to the current economic climate, business priorities are shifting and areas such as spend on security may be under pressure, when in reality the threats may be on the increase. The methodologies behind Comsec’s IT security cost-restructuring approach provide enterprises worldwide with the ability to restructure existing security programmes and operations and in some cases reduce IT security spend, without compromising the level of information security.”

As described in the Advisory Paper, by using the Comsec Security Architecture it is possible to group the IT security restructuring into the following categories:

• Standardisation and Industrialisation – includes embedding security into the enterprise through standards such as the Security Development Lifecycle (SDLC), which will remove threats earlier in IT projects and reduce re-coding costs. As Comsec has provided SDLC services directly to software product companies, as well as enterprises, we have seen a one-hundredfold increase in security cost-efficiency in comparison to relying purely on the testing phases.

• Consolidation and Optimisation of Security Controls – removing unnecessary security technology and improving processes. Each year new security technology and additional controls are layered on top of existing systems. However, this is often done without examining changes in the threat landscape, which leaves older, potentially redundant controls in place. An example is consolidating firewalls and intrusion detection solutions where externalisation has opened up ports, making some of the network segmentation unnecessary.

• Utilising Security Features – utilising security features across other divisions of the business and capitalising on inbuilt software technologies, providing central management and ongoing cost reduction as well as increased security. Many features, such as those found in identity and access management can lead to cost savings in other parts of the business, e.g., if there is a single view on the user-base, better software license terms can be arranged.

• Simplification – simplifying the security environment can aid in cost containment and reduction and will also lead to a more secure enterprise. For example, simplifying training by combining SOX, ISO27001 and PCI IT security awareness will be both cost-efficient and actually more beneficial to the end users, as many of the messages in these disciplines overlap.

• Supplier Management – through consolidating suppliers of security services, cost reduction can easily be achieved through economy of scale, reduction of procurement costs and global pricing. For example, after gaining in-depth knowledge of an enterprise application, security white box testing on incremental changes, rather than full penetration testing, can reduce cost expenditure.

For a copy of the Advisory Paper, entitled ‘Managing the Cost of Information Security’ please visit

Mr Okin says, “As security projects often involve several different departments and stakeholders, all with different risk appetites, they can suffer from frequent delays and scope changes. Therefore with a centralised agenda, as well as a clear cost focused business case, security programmes and operations are going to be implemented faster and more efficiently, with an overall improvement to the enterprise’s risk position.”

About Comsec:

Comsec Consulting (TASE: CMSC) is a leading provider of Information Security and Operational Risk services to organisations worldwide. Founded 20 years ago, Comsec operates offices in the United Kingdom, Netherlands, Poland, Turkey, France and Israel, with affiliates in the Far East. Comsec covers all aspects of Information Security, from strategy and architecture, planning, design, ERP security services and advanced security solutions, as well as PCI and ISO27001 compliance, to all market sectors. In addition, Comsec provides deep level application threat assessment and testing services to leading software development companies and enterprises across the globe.

Please visit

For further information, please contact:

Paula Averley
t. 020 8224 9933
m. 07766 257776

This press release was distributed by ResponseSource Press Release Wire on behalf of Hothouse Communications in the following categories: Personal Finance, Business & Finance, Computing & Telecoms, for more information visit