Tony Evans, CIO, Enloe Medical Center

“A balance scorecard enables you to weigh security costs and business priorities so that you can make wise security investments.”

  • Securing complex IT environments depends on running a proactive security practice. To do that successfully, you must align a business’s security requirements with technology needs and available resources.
  • With too much complexity in the system, you manage the complexity rather than the outcomes you are trying to get from that security stack. That’s one reason it’s so important to have technology that integrates across the stack.

“Better technology integration reduces the staff overhead required to manage the entire security program.”

In any organization, cybersecurity is 30–40% technology and 60–70% human behavior. At the end of the day, you can’t have a good cybersecurity program if your organization doesn’t understand it and actively buy into it.

Securing complex IT environments depends on running a proactive security practice. To do that successfully, you must align a business’s security requirements with technology needs and available resources. One approach is to develop a scorecard that balances security needs against competing priorities. On the security side of the equation, you would include the risks, the likelihood of those risks being realized, their potential impact on the business, and the cost of addressing them. This enables you to weigh security costs and business priorities so that you can make wise security investments.

This balance scorecard will continually change to reflect changes in the IT environment, threat landscape, and business needs. By translating that scorecard into a strategic roadmap for presentation in nontechnical, business language, you can win buy-in from key leaders in the organization. This does more than help you make smarter decisions about resource allocation and technology investments. It brings the rest of the organization into the security process and gives them an ownership stake in cybersecurity.

This is an excerpt from 7 Experts on Optimizing Your Security Stack. This series was generously sponsored by Carbon Black.