You Must Relate Requests to Concrete Problems You Will Solve
- Turning risk into dollar figures can be a complex calculation involving many aspects of the business that are difficult to quantify, like brand value and real revenue impact.
- Work with financial professionals in the organization who will be able to help devise dollar measurements for real cyber risk scenarios that must be addressed.
“When it comes to discussing security priorities with executive leadership, risk will be at the center of that conversation.”
Setting priorities in a security practice requires understanding how the business arrived at its current security posture and at the same time, focusing on a vision of where you want to go. “It’s a problem we all face,” says Richard Rushing, chief information security officer (CISO) at Motorola Mobility. “You have to understand what the business wants, and you have to know what is important to the business.”