Over the last few months, I’ve had a number of conversations about the need to justify security spending. This year has been tough for a lot of organizations, so IT budgets are generally not growing. Plus, the money already allocated often had to be re-prioritized to meet changing business needs. At the same time, executives and board members become painfully aware of today’s cyber risks and the cost of not paying attention. They expect the IT team and IT security leaders to provide solid data points that enable the most effective security investment decisions
When I have a chance to talk about security investments, whether in people, processes or technology, I always try to ask one question: How do you think this can pay off? The answers vary greatly, but they can be distilled into one or more of these four categories:
This investment will save us money by reducing ongoing costs.
This investment will help us comply with contractual obligations or industry or government regulations.
This investment will reduce our business risks (by reducing probability, impact or both).
This investment will enable us pursue new business opportunities.
All four elements seem to be good reasons to invest. But where does each of these fit in the conversation, and how do you put it all together? Let’s look at each element in turn.
More Info: comptia a+ certification benefits
No comments:
Post a Comment