When it comes to procuring the correct software for an organization Ricardo LaFosse, CISO for Cook County, Ill. made several to the attendees at SC Congress Chicago today.
LaFosse gave an overview of the procedures he has in place when shopping for his county, which has 5 million residents and encompasses 134 different municipalities.
His first recommendation is to decide whether the software is needed or just desired by the security staff. Once that litmus test is passed the procurement officer should contact several vendors to see which offers the best product and at the same time check in with other CISOs or peers for their thoughts on the proposed purchase to obtain their thoughts.
When it comes time to make the purchase LaFosse said it's always a good idea to work out how much a potential breach could cost the organization so as to justify the cost to those holding the purse strings.