The book includes insights from the following experts:
- Richard Rushing, CISO, Motorola Mobility, "You Must Relate Requests to Concrete Problems You Will Solve"
- Genady Vishnevetsky, CISO, Stewart Title, "Understanding Business Priorities is Key"
- Kevin McLaughlin, Deputy CISO, Stryker, "An Executive Level Steering Committee is Critical to CISO Success"
- Suzie Smibert, Global Director Enterprise Architecture and Chief Information Security Officer, Finning Financial, "The CISO Needs to Be a Business Leader More Than a Technical Leader"
- Vicky Ames, Director, Information Security, Risk and Vulnerability Management, Marriott International, "To Quantify Risk, Assess Potential Loss Events"
- Surinder Lall, Senior Director Information Security, Viacom, "When Quantifying Risk, Make It Real and Tangible"
- Heath Taylor, Director, Information Security Compliance, Live Nation Entertainment, "You Need to Understand Risk and Make It Tangible"
7 Experts on Justifying Security Spend was generously sponsored by Nehemiah Security.
When it comes to cybersecurity, every organization builds a program based on its own asset portfolio, unique business culture, and operational challenges. Regardless of its specific needs, every security program must do two things: prioritize, and sell itself to senior management. How do security executives do this successfully?
With generous support from Nehemiah Security, we asked seven security experts the following questions:
How would you advise a new CISO in justifying their prioritization and spend to senior executives, and what strategies would you recommend for communicating needs and risks to management?
In speaking with security practitioners from diverse industries, it is clear that the key lies in how they quantify the business impact of risk. However, risk means different things to different businesses. The challenge then comes down to deciding what is most important to the business, what the true costs of losing it are, and how those costs compare to the cost of preventing its loss.
The essays in this eBook offer practical strategies, advice, and examples showing different approaches to calculating risk, and how to use those calculations effectively when presenting to senior management. I’m certain anyone who needs to justify their security program will benefit from the experiences of these professionals.