When it comes time for yearly budget planning, the C-level powers responsible for signing the checks rarely see IT security as a grand slam investment. That’s why IT managers and infosec professionals need to make sure they allocate the budget they do have as effectively as possible. The better they protect the organization with the money they do have, the more likely it is that their requests for increased budget will be answered. In his latest column for Help Net Security, WatchGuard CTO Corey Nachreiner discusses three security buckets for infosec professionals and IT managers to concentrate on in order to allocate their budgets as effectively as possible:
- Detection and Response
- Business continuity and disaster recovery (BC/DR)
Most businesses today put too much emphasis on #1 and not enough on #2 and especially #3. It’s imperative for organizations to allocate a balanced security budget that ensures there are systems in place to recover from a security emergency. Here’s one of Corey’s recommendations from the article to illustrate this point:
“I recommend investing at least 20 percent of a security budget in tools and services to help quickly recover your business-critical IT facilities in case of an emergency. This will help reduce the recovery time from a security incident and minimize the lost revenue during that time. If a cyber threat like ransomware or a DDoS attack takes out one of an organization’s critical IT resources, they will bleed money until that resource is restored. While a lot of BC/DR is about process, there are a number of products and services including backup, hosting services and virtualization that help.”
For a complete picture of what a well-rounded cybersecurity portfolio should look like, and how to allocate your company’s budget accordingly, read Corey’s article on Help Net Security – and check out the other security concerns Corey is writing about right now here on Secplicity.