Build, Optimize, and Present a Risk-Based Security Budget
Get the budget you deserve.
Book This Workshop
Developing a security budget using gut feeling or best guesses results in:
- Misallocation of dollars toward security controls.
- The inability to articulate the value of security to the business.
- A constant need to ask for more funding throughout the year.
Building and presenting a risk-based security budget will:
- Allow for the best possible allocation of dollars toward security controls for your organization.
- Communicate the value of security to the business.
- Gain support and approval for the budget from other stakeholders through early conversations.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book NowModule 1: Review Requirements for the Budget
The Purpose
- Understand your organization’s security requirements.
- Collect and review the requirements.
Key Benefits Achieved
- Requirements are gathered and understood, and they will provide priorities for the security budget.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Define the scope and boundaries of the security budget. |
|
| 1.2 | Review the security strategy. |
|
| 1.3 | Review other requirements as needed, such as the mitigation effectiveness assessment or risk tolerance level. |
|
Module 2: Build the Budget
The Purpose
- Map business capabilities to security controls.
- Create a budget that represents how risk can affect the organization.
Key Benefits Achieved
- Finalized security budget that presents three different options to account for risk and mitigations.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Identify major business capabilities. |
|
| 2.2 | Map capabilities to IT systems and security controls. |
|
| 2.3 | Categorize security controls by bare minimum, standard practice, and ideal. |
|
| 2.4 | Input all security controls. |
|
| 2.5 | Input all other expenses related to security. |
|
| 2.6 | Review the different budget options. |
|
| 2.7 | Optimize the budget through defense-in-depth options. |
|
| 2.8 | Finalize the budget. |
|
Module 3: Present the Budget
The Purpose
- Prepare a presentation to speak with stakeholders early and build support prior to budget approvals.
- Present a pilot presentation and incorporate any feedback.
- Prepare for the final budget presentation.
Key Benefits Achieved
- Final presentations in which to present the completed budget and gain stakeholder feedback.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Begin developing a communication strategy. |
|
| 3.2 | Build the preshopping report. |
|
| 3.3 | Practice the presentation. |
|
| 3.4 | Conduct preshopping discussions with stakeholders. |
|
| 3.5 | Collect initial feedback and incorporate into the budget. |
|
| 3.6 | Prepare for the final budget presentation. |
|