Who is best informed to have the final decision on how the IT budget should be spent?
Lead Architect14%
Lead Developer15%
Lead Engineer11%
Business Unit Leaders9%
CIO36%
CFO4%
CEO8%
Other (please specify in comment section)2%
615 PARTICIPANTS
VP, Director of Cyber Incident Response in Finance (non-banking), 10,001+ employees
I'm not sure this is the right question. Who is best informed to have the final decision? It's the person who writes the check.*HOW* should that person be informed? Well, it sould be a combination of architects, infosec, business lines and ops people. They all need to play together, including how to figure out staffing to handle any new workload.
Content you might like
10-30 DOS20%
30-50 DOS59%
50-70 DOS17%
70-90 DOS3%
90+ DOS1%
75 PARTICIPANTS
Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
Using relevant examples to help underscore the importance of adhering to policies is key because it helps your messaging resonate. The MOVEit breach has impacted hundreds of companies and millions of individuals, so using ...read moreHead of Cyber Security in Manufacturing, 501 - 1,000 employees
I would say, DPO and Security team both shall be involved and work hand in hand.Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.
Lets ...read more
I think this is a tricky question because it specifically ask "how" which to me, reads as an execution question. Ultimately the business isn't going to know that you need X servers, Y architects, etc. Also it was specifically about the IT budget. IT, like any other area has its own budget and doesn't really need to be told how to spend it.
However, the decision on how much to allocate is a business decision based on the specific business strategy.
The emphasis on where to spend it is a business allocation. Find those capabilities that are behind from a competitive position and invest more. Find those capabilities/journeys that are ahead and spend less. The specific projects to do so are business problems and the business is accountable for ensuring that the project return the expected return.
IT ensure that it is allocating that budget in a way to be able to execute on those plans.
At least that is the 1 min version of how it should work, accountabilities are clear but it plays out very collaboratively.