How CISOs can justify cybersecurity purchases

2020-02-04 06:30

How can you make a proactive business case for justifying expenses that advance your security program? I have a few suggestions based on my prior consulting experience and my recent work as a CISO at a cybersecurity firm.

Security practitioners used to point to the need for defense-in-depth when explaining why the organization should fund yet another cybersecurity measure.

Another reference to consider when deciding what security measures your enterprise needs is the Cybersecurity Defense Matrix, created by Sounil Yu. It offers a convenient way to understand the role that your various security tools play and helps identify portfolio gaps.

If you need additional ammunition to justify must-have cybersecurity measures, your company's attorneys might help.

The various frameworks above help you to explain how your security measure - and the associated funding request - fits into your broader plans for securing the organization.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/VOFAz08B6nk/

#ciso #cybersecurity