In turn, applying business logic helps the CISO achieve budget goals and greater satisfaction when day-to-day security operations align with the strategic goals and priorities of leadership, including the board. CISOs who lead security programs that look at the business risk landscape are more likely to be satisfied with their budgets once this alignment is done, according to an IANS report.
In practice, however, CISOs can find themselves facing a serious dilemma, according to Richard Watson, global and APAC cybersecurity consulting leader at EY. On the one hand, the board may express a low appetite for cyber risk; on the other, management may say there is a need to cut a certain percentage from the budget. “These are positions that are almost impossible to fix, yet I see many CISOs struggling with this dilemma,” Watson said.
Although the CFO is very involved because of their budget management role, Watson says that in these types of situations it is important for CISOs to highlight these conflicting goals and look to natural partners to help build support for their budget.