How CISOs can justify cybersecurity purchases - Help Net Security

Sometimes a disaster strikes: ransomware encrypts critical files, adversaries steal sensitive data, a business application is compromised with a backdoor… This is the stuff that CISOs’ nightmares are made of. As devastating as such incidents can be, for the short time after they occur, the enterprise usually empowers the CISO to implement security measures that he or she didn’t get funding for earlier.


Of course, waiting for disastrous events is a reckless and unproductive way to fund cybersecurity purchases. How can you make a proactive business case for justifying expenses that advance your security program? I have a few suggestions based on my prior consulting experience and my recent work as a CISO at a cybersecurity firm.


Security practitioners used to point to the need for defense-in-depth when explaining why the organization should fund yet another cybersecurity measure. Unfortunately, this principle alone doesn’t clarify ..
