Author: Eric Olson, VP of Product Strategy
In our first post in this four-part series on making a business case for threat intelligence, we defined threat intelligence and how to determine if your organization needs it. Today, we will discuss how to align your security needs and business objectives.
In a typical management structure, the two forces behind business decisions are often governing bodies or fiduciary duties. Most chief information officers (CIOs) or chief financial officers (CFOs) don’t want to spend money unless there is documented proof that something will have a real impact on the business, which often makes it difficult to quantify investments in solutions to address security threats. Although at a high level the forces behind the security team’s decisions merge with those of management, at a more detailed level, security professionals are driven by protecting the organization and its assets, causing them to speak a different language than management.
In a recent PricewaterhouseCoopers study, many senior executives and boards said they found it hard to link security technology to the related tactical risks it is supposed to help mitigate. In order to successfully argue the need for a threat intelligence capability, security professionals must map their objectives to management’s objectives.
The following overarching business objectives are always a good place to start: reducing cost or risk, generating or retaining revenue, utilizing assets, and meeting regulatory requirements.