One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 2148826 |
| Date de publication | 2020-09-27 17:59:17 (vue: 2021-01-06 20:37:56) |
| Titre | NBlog Sept 27 - 2021 infosec budget |
| Texte |  Are you responsible for your organisation's information security or cybersecurity budget? Are you busily putting the finishing touches to your 2021 budget request, still working on it, just thinking about it, or planning to do it, honestly, when you next come up for breath?Budgeting is generally a dreaded, stressful management task. Not only do we have to figure out the figures but we typically anticipate a tough battle ahead leading (probably) to a disappointing outcome and yet more problems.On top of that, 2020 has been an exceptional year thanks to COVID. The business and information security implications of knowledge workers suddenly working from home, en masse, are still playing out now, while the economic impacts of COVID do not bode well for any of next year's budgets except perhaps for the manufacture of vaccines, masks, gloves, sanitiser and respirators.A substantial part of information security expenditure is (whatever we may believe as professionals) discretionary. The decision to go for ISO/IEC 27001 certification, for instance, flows largely from management's appreciation of the business value of investing in information risk and security management good practices. There may be specific drivers such as incidents, compliance pressures or demands from business owners, partners and prospective customers, but even then there are numerous options and factors to consider such as:The objectives for the Information Security Management System - what it is expected to achieve;How broadly or narrowly to scope the ISMS;At what pace to implement the standard, and how precisely;What resources to assign to the implementation, not least a suitable implementation project manager/consultant and project team;Priorities for this work relative to other business activities, objectives and requirements, making adjustments as necessary (both initially and as the project proceeds when stuff comes up - as COVID did, for instance);Alignment with other corporate projects and initiatives e.g. exploiting strategic opportunities to update various systems, policies and processes for security and other reasons, at the same time;Change management aspects: does the organisation have the capacity and appetite first to adopt and assimilate the ISMS, and secondly to get the most out of it; Project risks e.g. the possibility that things probably w |
| Envoyé | Oui |
| Condensat | it with 2020 2021 27001 ;alignment about account accredited achieve;how achievement activities additional addressing adjustments adopt ahead all also anticipate any appetite appreciation approval are as:the aspects: assign assimilate battle been believe benefits best big bode body both breath broadly budget budgeting budgets busily business but capacity case certificate certification clues come comes competing compliance consider contingency convince corporate covid cunning customers cybersecurity decision decisions demands departments/functions developed did direct disappointing discretionary does dreaded drivers dynamic economic effect enabling entirely established etc even except exceptional expected expenditure exploiting explore exploring factors figure figures finishing first flows framework from funds generally get gives gloves good governance guide has have hence home honestly how identifying impacts implement implementation implications important incidents information infosec initially initiatives instance investing isms isms;at iso/iec iso27001 it; project just knowledge largely leading least least a levers like load makes making management manager/consultant managers manufacture masks masse matter may means monitor more most must narrowly nblog necessary need next not now numerous nuts objectives only opportunities options organisation other out outcome overwhelming owners pace part particularly partners perhaps persuade pie plan planning plans playing policies possibility practices precisely;what preliminary pressures probably problems proceeds processes professionals project projects proposals prospective putting reasons relative request requirements resources resourcing respected respirators responses responsible risk risks same sanitiser scope secondly security senior sense sept shed slices sold specific stamp standard step strategic strategies stressful strong stuff substantial such suddenly suitable supporting and system systems taking task team;priorities than thanks then there things thinking time time;change top touches tough typically update vaccines value various well what whatever when who will work workers working worth year yet you your |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.