In “How to sell cybersecurity to your executive team,” I discussed strategies to sell cybersecurity to your board of directors, executives, and business leaders using a standards-based approach. Ultimately, this strategy would lead to you receiving a larger cybersecurity budget. Ample security budgets are rare, but by speaking the executive team’s language, using metrics and visuals, and getting outside verification, you’re bound to get the occasional healthy budget increase.
So, you’ve followed those steps, and have been rewarded with a larger security budget. Because no good deed goes unpunished, this forces a difficult question: what should you do with the money? Your budget won’t increase every year, so it’s important to make the most of the opportunity. It’s vital that you use a standards-based approach to allocate the funds to measure your return on investment and get optimal improvement.
Use framework to determine allocation
It’s important that you allocate new funds where