IT security on the cheap

25.03.2009
Everyone's looking for a handout these days and IT security pros are no exception.

A panel of IT experts, including those from Bose, Brown University and Genzyme, shared tips about "cheap but good" IT security solutions at Wednesday's SecureWorld Boston event.

David Sherry, CISO for Brown, noted that his team exploits free Web 2.0 tools and open source software to support its efforts. Among other things, the IT team issues alerts via to call attention to virus threats and has used a blogging program to test out a plan for keeping in touch during a storm or disaster that might keep workers from getting into the office.

Sherry, who came to Brown about eight months ago from the financial industry, said the change from the very locked-down nature of the financial industry to the Wild West university setting came as "a real slap upside the head." One difference has been the school's willingness to employ open source software tools, and he encouraged those even in more buttoned-down organizations to give them a whirl. "You will not find 'cheap but perfect' when using open source," but you might find good enough tools that can save you tens of thousands of dollars vs. commercial offerings, he said. "Tools are getting better and upgrades are coming faster in part because more people are using them and giving more feedback." Sherry noted that Brown runs risk assessments on open source tools just like it would on any other tools.

Sherry said that, being at a university, it is only natural to look to students for inexpensive or even free labor, such as doing penetration testing during the summer. He recommends that non-university organizations call around to local schools to see if students are available for internships they might do for free or for a nominal stipend.

Sherry said there's also something to be said for centralization, which can cut down on the costs of various departments having their own security administrators.