Saturday, April 20, 2013
10 tips to secure funding for a cybersecurity program
Having established cybersecurity programs in two government organizations, the U.S. National Park Service, and now at Los Angeles World Airports, I have experienced a full range of discussions with a variety of financial teams. In all cases, good communication was the critical ingredient for success and resulted in the necessary funding, over a period of years, to establish and maintain a workable security program.

4. Relate your security risks to the business. Identifying the technical aspects of malware threats, hacking, and Denial of Service attacks will be almost incomprehensible to your senior management and financial decision-makers. Relating the threats to the impact on the business is more meaningful. For example, if you rely on the Internet for sales and you have to shut down your Web portal, the fact you had to shut off your primary business conduit is the critical point.

8. Provide constant feedback on the security program. Bring the financial team into your world as much as possible. Don't wait until you have an emergency and need immediate funding. Continually provide information to the financial team regarding the state of the cyber security world and your organization's place in it. This can be anything from a brief discussion in the hallway to forwarding an email on the latest threat.

10. Emphasize that cybersecurity is an organizational risk management issue. Of all the considerations, this is perhaps the most important. Cybersecurity is not only addressed through the IT department, but also through human resources in the form of personnel policies; your legal counsel through the enforcement of policies; and your senior management team, who must always insist that their employees follow company policies and rules and who may be accountable to stakeholders and/or compliance organizations to meet laws and requirements.