Security teams need resources if they are going to be successful at protecting an organization’s information assets. However, in most organizations it is challenging to get even the resources needed to fulfill compliance requirements, to say nothing of those needed to actually run a successful security program. A common tactic is to resort to fear, uncertainty and doubt (FUD), but that often misses the mark and can get security leaders branded as “Chicken Little” characters, always crying out that the sky is falling. John Dickson has worked with a number of CISOs and other security leaders to move beyond these approaches, and this presentation from RSA 2014 contains some of the insights he’s developed along the way.
See a copy of John’s slides and video here:
The abstract for this talk is:
Getting a security budget approved is a challenge, but it is arguably the single most important task a security leader can accomplish. This session reveals the six common factors that successful CISOs use to quantify needs and justify security budget with non-technical executive leaders. Research and data gleaned from over 40 interviews with high-profile CISOs provide some interesting results.