Thursday, August 30, 2007

The compliance copout


Regulatory compliance is a weak justification for security spending. Assess the risks in your organization, decide how to mitigate them and budget accordingly.

At what point do you just give in? Or have security executives already done so?

I’m not talking about how tough the threats are or how difficult the challenge is in managing complex security environments. I’m talking about how security spending gets justified.

Over the past few months, a number of market studies have come across my desk that all reaffirm something we have been seeing for several years: the top driver security executives cite to justify security investment is regulatory compliance. With the growing burden of regulation, this shouldn’t come as any surprise to CSO’s readers. But it also shouldn’t be surprising when I point out that this is far from the best way to justify investment, and that’s where I feel compelled to take some of our readers to task.
