Above all they understand that in tough markets, increasing revenue is harder and harder to achieve. If you can get them to understand that security efficiency has a vital role to play in that drive for revenue then you are halfway there.
But this can be taken further now with the advent of the new model security professional – which is you. As well as simply requiring buy-in to get investment, you can now use your newfound business skills to get buy-in to new ways of doing business securely.
Working in the new security paradigm means careful investment and possibly, depending on industry sector, redeployment of staff and resources. But for you to present your carefully worked out plan to accommodate the threats, the board need to be able to see the business case behind the investment.
So you need to be able to demonstrate actual ROI on your ideas. You need to show what can happen in terms of governance, risk and compliance (GRC). And you need to use real world examples of what happens when security investment is not forthcoming – and when it is. You need to push the R button – one thing the board doesn’t like, what any business doesn’t like, is exposure to RISK. The leading security vendors can help you in this with advanced modelling tools – but make sure you turn the maths into business language.
Your ideas on security are likely to be seen as different. It’s up to you to ensure they are seen as innovative and productive. In the end it’s not really a case of getting security buy-in at all, any more than marketing or HR need to justify buy-in.
Security should be integral in everything a business does – from marketing, to purchasing and to recruitment. In the end the business is security. The fact that you know this already gives you considerable clout in the boardroom. Go to it.
7 Top Tips for Security Buy-in
1. Quit talking like an IT security professional. To impress the C-Suite you need to talk the language of business, so do it
2. Do your homework. Engage them by demonstrating the real-world impact of enhanced business security thinking
3. Become a numbers guy. The C-Suite live for numbers so demonstrate as best you can ROI on security investment
4. Get to know your industry and adjust your plans accordingly. Different sized and sectored businesses have different threat ratios from the new security challenges
5. Smaller to medium sized organisations with smaller budgets are going to be harder to convince. If that’s you, prepare harder – but remember point 4 above
6. Prepare to be challenged and knocked back. No board is ever going to instantly say yes to extra investment
7. Spread the gospel outside the board and across the enterprise. The word will filter upwards and make your job easier.
Inform – Issue 5, 2011, page 26