Most CISOs face significant challenges communicating the value of security in business terms, winning budget approval and planning for unanticipated expenses—and find benefits from conferring with and learning from the experiences and successes of their peers.
“While spending money on information security is essential for most companies—be it in the form of technology, awareness, or education—reaching an agreement on how much to spend and where to spend isn’t always easy,” said Candy Alexander, former CISO of Long Term Care Partners and ISSA Board Member. “Knowing how other CISOs overcome budget challenges and what leadership strategies they find effective can sometimes make the difference between winning security budget buy-in or struggling through another year without adequate funding.”
Benchmark data, threat models and other risk-based approaches can help CISOs determine how much should be spent on information security. But corporate culture, industry trends and economic circumstances often create a gap between the ideal security spend and actual budget. Sometimes success requires innovation. When funds are not available to manage security programs by the book, creative management of spending can help CISOs maintain a strong security posture.
The report focuses on 3 key areas to help CISOs successfully navigate the budgeting process.
Determining How Much Should be Spent on InfoSec - New strategies CISOs use to allocate budget along with critical factors to consider when using peer-based benchmarks and model-based approaches.
Budget Estimation and Spending Strategies - How company culture and CISO spending philosophies impact the budgeting process from estimating and justifying expenses to resource planning and preparing for emergencies.
5 Tips for Winning Budget Approval - CISOs share how they use risk-based approaches, collaboration, leadership changes and soft skills to build buy-in for security programs and budgets.
“CISOs and other senior security leaders face many challenges during the budgeting process—including knowing how their security spending compares against similar organizations, allocating budget based on business needs, communicating the importance of security to upper management and gaining critical leadership buy-in,” said Sara Gates, Founder and CEO of Wisegate. “Wisegate exists to help senior IT practitioners overcome these challenges by offering a practical and unbiased information source built on the real-world experience of veteran IT professionals.”
The complete report is available here (registration required).