When I have a chance to talk about security investments, whether in people, processes or technology, I always try to ask one question: How do you think this can pay off? The answers vary greatly, but they can be distilled into one or more of these four categories:
This investment will save us money by reducing ongoing costs.
This investment will help us comply with contractual obligations or industry or government regulations.
This investment will reduce our business risks (by reducing probability, impact or both).
This investment will enable us pursue new business opportunities.
All four elements seem to be good reasons to invest. But where does each of these fit in the conversation, and how do you put it all together? Let’s look at each element in turn.
Organizations know they must comply with relevant regulations simply to continue staying in business. Many IT security teams leverage this and position new security initiatives as a must for compliance. It’s not uncommon to hear a tip like “use compliance to fund your security initiatives” in professional communities or conferences.
In general, it is true that regulations attempt to set minimum guidelines for securing certain types of data or activities. However, no regulation can give you a universal guidebook for securing your specific business against the current threats at a particular moment in time.
More Info: entry level comptia a+ jobs
No comments:
Post a Comment