A few days ago, a reader asked if I could help him justify the cost of security training that he and his fellow Unix system administrators felt they needed. I gave the reader a variety of ideas, one of which is sure to resonate with his manager. When making your pitch, you might want to try these reasons. . . .
A few days ago, a reader asked if I could help him justify the cost of security training that he and his fellow Unix system administrators felt they needed.

I gave the reader a variety of ideas, one of which is sure to resonate with his manager. When making your pitch, you might want to try these reasons:

1. Avoidance of a costly security incident. The knowledge and skills gained in security training will help system administrators do a better job of securing systems. For instance, host hardening may help to prevent a break-in. Improving password quality may fend off a dictionary attack.

Security incidents are expensive, disruptive and could cause long-term pain for people's careers. Incidents interrupt and take the momentum out of projects and turn department priorities upside down.

2. Avoidance of disruptive downtime. Often, when the knowledge gained in security training is applied to host hardening, those systems have added resiliency. This will make them more resistant to attacks, improving availability.

No one likes downtime, especially unscheduled downtime for security reasons. Unscheduled downtime hurts those end-of-month metrics and other performance indicators.

The link for this article located at computerworld.com is no longer available.