Ensuring that you gather the correct requirements is critical for your security budget. This will ensure that you have the right level of defensibility before going to build the budget. This phase will take you through the following activities:
- Elect an executive champion.
- Review the risk tolerance level and review the risk register.
- Review the mitigation effectiveness assessment.
- Review the security strategy.
Use this phase as part of the full blueprint, Build, Optimize, and Present the Risk-Based Security Budget.