Metrics and Budgets

Metrics and Budgets news, information, and how-to advice

Security challenge: Wearing multiple hats in IT

Handling both security and IT duties involves a daily balancing act for the resource-constrained IT organizations that must take this approach. But along with the challenges, there can also be benefits.

Is security making the grade? What IT and business pros really think

When it comes to security, who’s in charge, where do roles and responsibilities overlap, and what are the biggest challenges to aligning infosec and business goals? A joint CSO, CIO, Computerworld survey sheds some light.

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training

How do you measure success when it comes to stopping phishing attacks?

What's considered a win when it comes to phishing? This question was posed to IT workers and non-executive types earlier this month, and everyone had a different opinion on the topic. The general feeling among defenders was that a...

Key questions to mull as you head into infosec budgeting season

Tips for getting the budget past the financial people - from the financial professional's perspective.

What’s in a security score?

In May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and...

Insurers working to fill cyberinsurance data gaps

Insurers are starting to expand their services to better educate their customers about cyber risk, and even to help them defend against attacks before they happen and deal with the fallout when a breach does occur.

Can crowd security testing be cost efficient for web apps?

Can Bug Bounty programs be a cost-efficient complement for security testing of modern web applications?

Training helps CISOs stay relevant

Lack of funding, resulting from poor business alignment, is the biggest risk facing any security program. The SABSA security architecture methodology can help solve this problem.

Three ways to align security programs to enterprise strategy

Security teams often struggle with how best to articulate security value in business terms, and with aligning security priorities with enterprise strategy. All security programs depend on business owners for success, so it is...

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But what if those circumstances are bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up...

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do and who gets to be on one.

Cybersecurity spending: more does not necessarily mean better

Cybersecurity is not something you can just buy, but something you should thoroughly build.

How long is a piece of string? The challenges and benefits of benchmarking security culture

Measuring security culture is challenging, but increasingly important to information security as we seek to maximize the value of people as well as technology to protect organizations. Asking how a security culture stacks up is like...

Why PCI DSS cannot replace common sense and holistic risk assessment

Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.

How an audit can shore up your security strategy

The high-profile data breaches of recent years have forced many organizations to take a closer look at their security technologies and policies, experts say.

How to convince the CFO of the budgetary security need

It had been custom for organizations to think of cyber security in terms of an information technology (IT) problem best left to IT people to address and fix. However, as more prolific breaches were publicized exposing a variety of...

Five rules to conduct a successful cybersecurity RFP

It’s too early to speak about a cybersecurity bubble, however, it becomes more and more difficult to distinguish genuine security companies, with solid in-house technologies, and experts with flashy marketing and FUD (Fear,...
