During the last few years, I have seen organizations of all sizes struggle with how best to allocate their cybersecurity budgets among the myriad of recommended best practices, compliance requirements, and technical and administrative controls claiming to reduce cyber risk.
Given flat or marginally increased budgets, how do we strengthen cyber posture in the face of increased use of cloud resources, work-from-home, and innovative adversarial threats? Is it possible to improve cyber posture without big increases in budget? My experience says yes. It's a matter of prioritizing which controls are improved or replaced, and/or adding new controls. But realistically I found the decision-making process too ad hoc. Too subjective.
We need a more formal analysis and decision-making process that provides a degree of objectivity, repeatability, and documentation. Jim Lipkis and his team have been working on this problem for close to three years.
I am excited to join Monaco Risk to help organizations cost-effectively improve their cyber posture. Don’t get me wrong, budget increases are great when you can get them. But even then, controls need to be prioritized.
If you are curious about our process and tools for improving cyber posture in a constrained budget environment, please use "Contact Us" at the bottom of the home page.