Security Management Strategies for the CIORequires Free Membership to View
Without really knowing the situation, it's hard to say whether that is appropriate. I have seen many organizations work far more efficiently and effectively with tighter budgets.
But let's assume for the sake of argument that losing the funding will significantly affect the security team's ability to protect the company from future breaches. It is now your job as security manager to communicate effectively to the executives that information security is more important than ever before.
In the case of large breaches, organizations such as the FTC can and do impose more then just fines: they mandate that certain actions be taken to prevent future breaches. This usually translates into making serious IT investments to improve security. If your company is in this situation, gather together these new requirements into a slide or two as justification for why the IT security department needs continued funding.
Even, if you don't have an outside mandate, gather together examples of the above data, because it shows you are actively interested in the health of the company and preventing a future breach. Still, without an outside mandate, this is a more challenging presentation, so it's important that you have good business justifications for your projects and that the projects are focused on addressing issues discovered as a result of the recent breach.
For more information:
This was first published in January 2009
Join the conversationComment
Share
Comments
Results
Contribute to the conversation