Getting Your Security Budget Approved without FUD

Security teams need resources if they are going to be successful protecting an organization’s information assets. However, in most organizations it is challenging to get even the resources needed to fulfill compliance requirements – to say nothing of those needed to actually run a successful security program. A common tactic is to resort to fear, uncertainty and doubt (FUD), but that approach often misses the mark and can get security leaders branded as “Chicken Little” characters – always crying out that the sky is falling. John Dickson has worked with a number of CISOs and other security leaders to move beyond these approaches, and this presentation from RSA 2014 contains some of the insights he has developed along the way.

See a copy of John’s slides and video here:

The abstract for this talk is:

Getting a security budget approved is a challenge, but it is arguably the single most important task a security leader can accomplish. This session reveals the six common factors that successful CISOs use to quantify needs and justify security budget with non-technical executive leaders. Research and data gleaned from over 40 interviews with high-profile CISOs provide some interesting results.

Contact us for help crafting a plan to get the budget and other resources you need to run an effective information security program.

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
