Build, Optimize, and Present a Risk-Based Security Budget
Get the budget you deserve.
Onsite Workshop
Developing a security budget using gut feeling or best guesses results in:
- Misallocation of dollars toward security controls.
- The inability to articulate the value of security to the business.
- A constant need to ask for more funding throughout the year.
Building and presenting a risk-based security budget will:
- Allow for the best possible allocation of dollars toward security controls for your organization.
- Communicate the value of security to the business.
- Gain support and approval for the budget from other stakeholders through early conversations.
Module 1: Review Requirements for the Budget
The Purpose
- Understand your organization’s security requirements.
- Collect and review the requirements.
Key Benefits Achieved
- Requirements are gathered and understood, and they will provide priorities for the security budget.
Activities: | Outputs: | |
---|---|---|
1.1 | Define the scope and boundaries of the security budget. |
|
1.2 | Review the security strategy. |
|
1.3 | Review other requirements as needed, such as the mitigation effectiveness assessment or risk tolerance level. |
|
Module 2: Build the Budget
The Purpose
- Map business capabilities to security controls.
- Create a budget that represents how risk can affect the organization.
Key Benefits Achieved
- Finalized security budget that presents three different options to account for risk and mitigations.
Activities: | Outputs: | |
---|---|---|
2.1 | Identify major business capabilities. |
|
2.2 | Map capabilities to IT systems and security controls. |
|
2.3 | Categorize security controls by bare minimum, standard practice, and ideal. |
|
2.4 | Input all security controls. |
|
2.5 | Input all other expenses related to security. |
|
2.6 | Review the different budget options. |
|
2.7 | Optimize the budget through defense-in-depth options. |
|
2.8 | Finalize the budget. |
|
Module 3: Present the Budget
The Purpose
- Prepare a presentation to speak with stakeholders early and build support prior to budget approvals.
- Present a pilot presentation and incorporate any feedback.
- Prepare for the final budget presentation.
Key Benefits Achieved
- Final presentations in which to present the completed budget and gain stakeholder feedback.
Activities: | Outputs: | |
---|---|---|
3.1 | Begin developing a communication strategy. |
|
3.2 | Build the preshopping report. |
|
3.3 | Practice the presentation. |
|
3.4 | Conduct preshopping discussions with stakeholders. |
|
3.5 | Collect initial feedback and incorporate into the budget. |
|
3.6 | Prepare for the final budget presentation. |
|