Ask the Expert

How to preserve an IT security budget from data breach fines

Due to a recent data breach, our organization has been forced to pay numerous fines. Management has decided that a majority of the money should come out of the security budget. How can I convince them that now is the worst possible time to take away our funding, as the security team needs to re-group?

    Requires Free Membership to View

It seems that upper management views the incident as the fault of the IT security team; whether that is actually so, it would seem the bosses feel that it is perfectly appropriate to penalize your team by taking the funds from your budget.

Without really knowing the situation, it's hard to say whether that is appropriate. I have seen many organizations work far more efficiently and effectively with tighter budgets.

But let's assume for the sake of argument that losing the funding will significantly affect the security team's ability to protect the company from future breaches. It is now your job as security manager to communicate effectively to the executives that information security is more important than ever before.

In the case of large breaches, organizations such as the FTC can and do impose more then just fines: they mandate that certain actions be taken to prevent future breaches. This usually translates into making serious IT investments to improve security. If your company is in this situation, gather together these new requirements into a slide or two as justification for why the IT security department needs continued funding.

Even, if you don't have an outside mandate, gather together examples of the above data, because it shows you are actively interested in the health of the company and preventing a future breach. Still, without an outside mandate, this is a more challenging presentation, so it's important that you have good business justifications for your projects and that the projects are focused on addressing issues discovered as a result of the recent breach.

For more information:

This was first published in January 2009

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: