Ask any cyber security specialist what their biggest challenge is, and you will get a variety of answers \u2014 ranging from strengthening network security, to managing internal threats, to protecting against cyber espionage. But upon further investigation, you may be surprised to learn that the unanimous pick for the biggest challenge cybersecurity professionals face is simply getting the funding necessary to carry out a security program. There are a great deal of resources and technical support available on how to deal with the never-ending list of threats that arise daily; and we have plenty of opportunities to learn and digest security best practices. However, little information or guidance is available to prepare one for the dreaded budget discussion when new or continued funding is necessary to maintain a strong cyber security posture.<\/p>\n","protected":false},"excerpt":{"rendered":"
In all cases, good communication was the critical ingredient for success and resulted in the necessary funding, over a period of years, to establish and maintain a workable security program. To start the budget discussion, you must stress cost avoidance rather than profits and you will need hard, empirical evidence to depict the business risks and associated costs. Therefore, the best way to approach senior management to fund your cybersecurity program is to cast the expenditures using an ROI approach.<\/p>\n
1. Set the foundation for security funding before you need it; and once established, keep it strong. Link: http:\/\/www.csoonline.com\/article\/732053\/10-tips-to-secure-funding-for-a-security-program?source=CSONLE_nlt_update_2013-04-21<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-234","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=234"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/234\/revisions"}],"predecessor-version":[{"id":2721,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/234\/revisions\/2721"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/span> 2. Don’t use scare tactics.<\/span>
\n3. Establish your cybersecurity credentials within your organization.<\/span>
\n4. Relate your security risks to the business.<\/span>
\n5. Outline the need in plain English.<\/span>
\n6. Develop a plan that meets the security needs but also considers financial constraints.<\/span>
\n7. Once you get the funding, follow the plan you outlined.<\/span>
\n8. Provide constant feedback on the security program.<\/span>
\n9. Use outside resources to support your request.<\/span>
\n10.Always emphasize that cyber security is not an “information technology” issue \u2014 it is an organizational risk management issue.<\/span>
<\/p>\n