Paul Proctor

A member of the Gartner Blog Network

Paul Proctor is a vice president, distinguished analyst, and the chief of research for security and risk management. He helps organizations build mature risk and security programs that are aligned with business need.

How to Get Funding for Your Security Program

by Paul Proctor  |  February 8, 2013

A CISO’s biggest challenge by far is getting executive management to appreciate (and fund) what they do. This scene plays itself out time and time again across the globe in every industry:

CISO walks into the CFO’s office and says “I need $1M to protect the company.” CFO says “How much did you spend last year?” CISO: “Nothing.” CFO: “…and what happened?” CISO: “Nothing.” CFO: “Ok, go do that again.”

The good news is that you can beat this by changing the narrative. Stop asking for money and start asking for decisions. We all live in a continuum of risk wherein we choose to spend less money and experience more risk OR spend more money and experience less risk. Explain this to the decision makers and ask them to commit to their choice as to where they want to live on this continuum.

[Figure: Risk posture is a choice]

Choosing to save some money and experience more risk is a legitimate business decision. The failure is allowing executives to live there without making a conscious choice. CISOs are their own worst enemy when they position themselves as defenders of the organization because it lets the executives skate on accountability.

Saying the risk is owned by the business is not just a platitude. A CISO must have the ability to translate this into reality.

I’ve arranged to have this Gartner research report made available until March 5, 2013. Non-Gartner clients have to register to get it, but I think most will find it worthwhile.

Gartner Report: Eight Practical Tips to Link Risk and Security to Corporate Performance
Twitter @peproctor