When allocating budget between security initiatives, how do you prioritize these to ensure flexibility and maximize impact?
It's interesting how the need for diversity in our supply base for resiliency purposes can sometimes drive costs up, moving us away from a single solution and even increasing concentrated risk.
Absolutely — it's a balancing act between risk and reward at every decision point. Having diverse voices in the discussion helps eliminate blind spots and optimize our service portfolio, considering the critical nature of the services we deliver for the cyber program. This approach aims to sustain and protect the business simultaneously.
Absolutely, any time you go shopping you have items that are must-have, good-to-have and nice-to-have, or a very good deal.
Thus, link investments to security initiatives that are linked to the biggest risks or, even better, business enablers. Then proactively say that you could drop if needed.
There are multiple perspectives to consider. While optimization is key, it's crucial to incorporate a tech strategy that aligns with our product and service portfolio. This approach is sometimes overlooked. Drawing from my experience in IT operations and IT service management, I see the decision between building versus buying as one that fluctuates based on various factors such as budget size, infrastructure complexity and resource availability. In a large financial institution, this is an ongoing discussion.
Our progress lies in developing an optimization strategy that considers all these variables, including product and service portfolio optimization and threat capabilities. It's essential to weigh financial considerations against concentration risk. If there's significant concentration risk with a particular vendor, we need to reassess our approach. Our strategy involves evaluating contracts and consolidation opportunities while ensuring our ability to withstand cyber attacks or disruptions. It requires input from diverse subject matter experts, including budget and finance teams as well as resilience strategists, to ensure a comprehensive approach.