Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Security icon

Build, Optimize, and Present a Risk-Based Security Budget

Get the budget you deserve.

  • Year after year, CISOs need to develop a comprehensive security budget that is able to mitigate against threats.
  • This budget will have to be defended against many other stakeholders to ensure there is proper funding.
  • Security budgets are unlike other departmental budgets. Increases or decreases in the budget can drastically affect the organizational risk level.
  • CISOs struggle with the ability to assess the effectiveness of their security controls and where to allocate money.

Our Advice

Critical Insight

  • CISOs can demonstrate the value of security when they correlate mitigations to business operations and attribute future budgetary needs to business evolution.
  • To identify the critical areas and issues that must be reflected in your security budget, develop a comprehensive corporate risk analysis and mitigation effectiveness model, which will illustrate where the moving targets are in your security posture.

Impact and Result

  • Info-Tech’s methodology moves you away from the traditional budgeting approach to building a budget that is designed to be as dynamic as the business growth model.
  • Collect your organization's requirements and build different budget options to describe how increases and decreases can affect the risk level.
  • Discuss the different budgets with the business to determine what level of funding is needed for the desired level of security.
  • Gain approval of your budget early by preshopping and presenting the budget to individual stakeholders prior to the final budget approval process.

Build, Optimize, and Present a Risk-Based Security Budget Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build, optimize, and present a risk-based security budget, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Review requirements for the budget

Collect and review the required information for your security budget.

2. Build the budget

Take your requirements and build a risk-based security budget.

Build, Optimize, and Present a Risk-Based Security Budget preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Review requirements for the budget
  • Call 1: Determine which efficacy option is needed.
  • Call 2: Review risk management work and the mitigation effectiveness assessment.
  • Call 3: Review the security strategy and roadmap.

Guided Implementation 2: Build the budget
  • Call 1: Map business capabilities to security controls.
  • Call 2: Input all costs including security controls, general expenses, and IT-system specific expenses.
  • Call 3: Review three budget outputs based on bare minimum, standard practice, and ideal need, and discuss how to optimize.

Guided Implementation 3: Present the budget
  • Call 1: Develop budget stakeholder presentation.
  • Call 2: Collect feedback and incorporate into the final budget request.

Authors

Filipe De Souza

Azzam Jivraj

Ian Mulholland

Contributors

  • David Tyburski, CISO, Wynn Resorts
  • Rich Mason, President & CISO, Critical Infrastructure, LLC
  • Robert Hawk, Information Security Expert, xMatters, Inc.
  • Sky Sharma, CIO
  • Steven Woodward, CEO, Cloud Perspectives
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019