A CISO’s job can be one of the most stressful in cybersecurity. It can sometimes feel like an avalanche of responsibilities, all in the pursuit of keeping an organization safe.

More often than not, the problem comes down to obtaining funding for new technology that can make the job easier. In reality, CISOs can’t always secure the executive buy-in needed for that funding, and their organization’s security posture suffers as a result.

To help CISOs who are in this position, we asked a group of experts to weigh in on the following question: What are some ways to achieve buy-in for cybersecurity projects?

Maurice Uenuma | LinkedIn

I think we have all learned by now that it’s nearly impossible to accurately quantify Return on Investment (ROI) in any sort of security initiative. Security inherently is a process of dealing with the unknown. So, it’s always tough. There are, of course, some ways to measure the financial impact of breaches – for example, the average cost of a breach to an enterprise or a financial impact per record stolen. That data is available, but ultimately, it comes down to each organization looking at its own place in the world and understanding what it can tolerate and what it cannot. This is risk management. Do you mitigate the risk, transfer it, share it, and so forth? That is going to drive a lot of the discussion.

An important part of risk management is understanding the identity and purpose of the organization as well as being able to speak to that. For instance, for banking and financial services, the integrity of financial transactions is critically important. For critical infrastructure owner/operators, the reliability of control systems to support life and limb is very important. In the automotive industry, safety is important.