As the world starts preparing for the festive season, many will have moved on from paying lip service to cyber security month in October. However, no one can afford to take their eyes off the ball because securing IT systems is a year-long endeavour.
This undertaking, as important as it is, can be a difficult ask for those tasked with presenting solutions to business leaders who demand clear and cogent answers as to why more budget is required.
A company’s cyber security strategy requires a well-designed risk evaluation framework, whether qualitative or quantitative. This model should be carefully chosen, as it is the blueprint against which a business will plan its response to cyber threats. There needs to be complete commitment within the business to the model that is chosen.
Let’s start at the top. That budget must be made available for cyber security is not in question. What is in question (and sometimes in dispute), though, is the level of protection required and the budget allocated.
When challenged on the need for yet more protection, a CISO, CIO or IT expert will inevitably be asked: “Surely, there can’t just be layer upon layer of protection added?”
The…
