Ask the Expert

What are some tips on protecting my security budget in a poor economy?

It looks like the Wall Street crisis is going to have a long-lasting effect on the entire economy, so as a security manager I'm expecting to be asked to cut my budget. Do you have any tips to help me protect my budget, especially since we don't have all our bases covered as it is?

    Requires Free Membership to View

It's a reasonable assessment to think that budgets will be cut. In tight economic times, even the security team has to tighten the belt and try to do more with less. Yes, even if not everything is done. So accept the fact and move forward from there.

The first key to surviving in a down economy is to focus on what's important. How do you know what's important? Ask the senior management team. Ask about the priorities of the business, pose your own questions and make sure they understand what can and can't be done with the resources you have. This will provide great insight into what can be put off and what can't. Once it's clear what absolutely needs to be protected, then start working scenarios to make sure it happens.

Before this meeting, it's a good idea to build three different funding scenarios. The first is what's necessary to really get the job done. This will probably not happen, but showing the fully funded option is good for comparison's sake. The second scenario should focus on what gives reasonable comfort that key assets will be adequately protected. This is the situation to push for, but don't be too disappointed if it doesn't happen. Remember, times are tough.

Lastly, build the worst-case scenario. This is the absolute minimum level of funding needed to protect critical assets. Also, be clear and detailed about what could happen if the security team doesn't get at least this minimum level of funding.

Bonus scenario: When presenting the above three scenarios to the management team, I suggest having a fourth scenario, a "pull the rip cord" scenario ready. This would be the smallest amount of money possible to allow for any chance of success. If the senior team won't give this level of funding, then it's time to look for another job, because it's only a matter of time before key data and systems are compromised, and it's not a good idea for your career to be there when it happens.

More information:

This was first published in October 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: