New article. While budgets are rising, CISOs might not need to consider how they can cut costs, but that won't last forever. Going through a regular exercise to focus on where to make immediate savings and where to find longer-term savings can be useful. What can be deferred and what can be cut? What is it that the business really cares about? Many thanks to Sam Curry for the input. https://lnkd.in/gq_zydSs Kavitha Mariappan #CISO #cybersecurity #infosec CXO REvolutionaries
In my opinion, there are currently lots of security product company charges that vary providing the same level of security needed to be considered is one of the major options on cutting cost And also negotiations play a major role. But Security is really an essential need for companies needs to be fulfilled to run business smoothly. And Security has lots of dimensions to be looked upon 1) Assess Current Security Spends: a) Conduct a thorough audits b) Analyze ROI 2) Prioritize Risks a) Risk assessment b) Focus on high impact areas 3) Optimize Security Tools & Services a) Consolidate tools b) Vendor negotiations 4) Enhance Internal process a) Employees Training b) Incident response plans
Yakir Golan
3w
Fantastic piece, Rob Sloan. Even in organizations where the budget is less limited, prioritizing the initiatives that have the greatest impact is crucial and can only be determined by operating within the broader business structure. Regardless of resources, CISOs can translate their organization's cyber risk in terms that CFOs and CEOs more tangibly understand and explain what is feasibly accomplishable. Together, they can determine which initiatives are worth pursuing, both in terms of ROI and strategy, and which can be relegated (aka absorbing the risk). Thanks for sharing.
Global Incident Manager
3wOne thing I’ve noticed is that organisations often invest in advanced security solutions without dedicating enough time and resources to ensure these solutions integrate well or at least complement one another. The lack of integration gives less of an impact on the overall security posture than it would have if solutions were effectively integrated and worked together. Oftentimes they overlap and can create operational issues when interfering with each other. For instance if you run EDR tools that also have network filters (URL filters and such) in an environment where you also use Zscaler Internet Access and its URL filter. This can negatively impact the user experience since both will do URL lookups in parallell and most likely create unnecessary latency. An example of an integration you can do that will enhance the security posture. If you use Microsoft Information Protection labels and also use Zscaler Internet Access DLP functions make sure that you allow ZIA to read the MIP labels so that you can create good DLP policies to prevent exfiltration of sensitive data. There are plenty of examples of good integrations with Zscaler which should not be overlooked when trying to maximise investments and keep costs low.