Need Your Security Budget Approved? Two Components to Increase Success

Posted by Mark Walsh on Feb 17, 2016 11:39:18 AM

In the years before business leaders truly understood cyber risk, requested budgets for cyber security departments were often approved without thoughtful consideration or review. There was a day when CISOs could basically say to a CIO, “I can’t tell you how much safer this will make us, and I can’t say we absolutely won’t have a data breach, but I need 3.5 million dollars.” Most of those inflated numbers were driven by the desire to buy the latest security tools that vendors promised would solve all security problems. The funds were to be spent, generally, on products and the staff to support them.

CISOs can no longer expect to have large annual budgets approved without tangible, quantified data to back up the necessity. The days have passed when budgets were built on fear, uncertainty, and doubt (FUD), empire building, or opportunities to buy the trending tools. Security funding needs to produce measurable results, or at a minimum, be supported by credible metrics that validate the business needs.

Topics: Business, Security, Security Program Development

How Security Can Actually "Enable the Business"

Posted by Mark Walsh on Mar 11, 2015 8:50:00 PM

One of the most over-used phrases in security organizations today is “enabling the business.”  It looks great on mission statements and sounds good in meetings, but what does it really mean?  Common answers usually center on “protecting information” and “responding to incidents.”  But are the defensive actions of a security organization truly assisting the company with growth and productivity?  How can security actually help the organization accomplish more work and subsequently add revenue? 

Topics: Business, Security, eGRC

MILCOM, the 2013 Military Communications Conference

Posted by Eric Noonan on Nov 20, 2013 7:50:00 PM

Security assessments can be of transformational value for your organization or they can be shelfware; the determining factor in what you end up with is a matter of leadership and strategy. Here is just one example of how an assessment can be transformational.

Topics: CyberArk, Business, eGRC, Cyber Attack, Breach, Information Sharing

5 Things You Should Do Right Now To Reduce Risk

Posted by Eric Noonan on Mar 1, 2013 8:16:00 PM

 

Topics: Roadshows, CyberArk, Business, eGRC, Security Leadership, RSA Archer, Security Assessment, Information Sharing

How CyberSheath Adds Value...

Posted by Eric Noonan on Feb 28, 2013 8:20:00 PM

 

Topics: Roadshows, CyberArk, Business, eGRC, Automation, Security Leadership, RSA Archer, Security Program Development, Security Assessment

Can you see the bigger picture?

Posted by Eric Noonan on Feb 26, 2013 8:27:00 PM

 

Topics: Roadshows, Business, Security, eGRC, Security Leadership, RSA Archer

Big Data & The Dentist

Posted by Eric Noonan on Feb 26, 2013 8:23:00 PM

 

Topics: Roadshows, Business, eGRC, Security Leadership, Privileged Accounts, RSA Archer, Security Program Development, Security Assessment

RSA 2013

Posted by Eric Noonan on Feb 25, 2013 8:31:00 PM

All checked in @RSA 2013 here in San Francisco!

Topics: Roadshows, Business, Security, eGRC, Security Leadership, RSA Archer

Standards: voluntary, mandatory, or a waste of time?

Posted by Eric Noonan on Jan 31, 2013 8:34:00 PM

Siobhan Gorman of the Wall Street Journal wrote yesterday that “Fortune 500 companies in a range of industries back a system of voluntary cybersecurity standards”. The topic of cybersecurity standards being voluntary or mandatory often sparks lively debate, but unfortunately it’s the wrong discussion.

Topics: Business, Security, eGRC, Security Leadership

Slow down and LEAD…so that you can MANAGE

Posted by Eric Noonan on Jan 14, 2013 8:41:00 PM

…that’s my advice for managers and CISOs who find themselves on the hamster wheel of incident response and day-to-day operations. It’s easy to get locked into a permanent schedule of daily meetings punctuated by operational crises and mistakenly believe that security is different from anything else in your business and can’t be managed. Of course it can, but like anything worth doing (dieting and exercise come to mind), it’s hard and results take time to materialize. To do it you have to lead so that you can manage.

Topics: Business