Menu 

Financial Planning for Security

Financial Planning for Security

By Sahan Fernando – Director, Managed Security – Intrinium 

Budget success depends on having a strategic IT plan and vision, executed by a strong leader and supported by good processes. With the fiscal year 2019 right around the corner, this is something we all need! 

If your organization does not have a CIO in-house, we recommend bringing in a vCIO (Virtual Chief Information Security Officer) to develop the right leadership, vision, and processes. Intrinium’s vCIO offering is an economic and strategic executive solution that costs less than that of a full-time employee (FTE), and our methodology will maximize your risk management. 

The role of the vCIO is to advise the development of a cohesive, strategic IT plan for the next one to three years. This is essential for effective budgeting, particularly from a security mindset. The vCIO is also great for ensuring you have C-level leadership and strategy to execute your organization’s vision and align initiatives with your business needs. 

A proper assessment of service providers and new initiatives is also essential to budget success. Our recommendation is: 

  • Clearly, document the business needs and wants along with expectations from a solution. 
  • Utilize a formal request for information or request for proposal (RFP).  

Not all businesses have the luxury of being able to utilize an RFP, so you may need to follow a different assessment process. The important thing is to ensure that solutions and vendors are properly vetted so that the business can make a fully informed decision. Once you select a service provider, their responsibility is to ensure that overall risk is communicated to stakeholders and they understand what is being accepted.  

From a budgetary standpoint, a security program should provide appropriate protection corresponding to the value of the asset. We’ve seen plenty of tools thrown at problems rather than executing a strategic, intentional vision that aligns with business needs. If your organization chooses to accept risk in an organized, informed manner, you have still done your job, it is all about how to help the business balance that accepted risk /transfer and actual mitigation.   

This risk management process allows you to be intentional with your IT spend. Spend an appropriate amount relative to the value of the asset and ensure that stakeholders are agreeing with the risks being accepted. Proactively communicating and strategically planning will result in the ability to successfully navigate making informed decisions for your organization’s fiscal planning.  

 

 

Pin It on Pinterest

Share This