hello and welcome back to revenue quotation as a C. So
in this module
we will discuss why business goes must lead effective ways to align security goes with business goals and why security policies are imported.
Alighting security with business goals. So quote from Devin Brian, which is one of my mentors.
It takes proper balance of threat driven, risk based trade offs to make sure that cybersecurity programs, policies and strategies enable businesses to go further and faster.
So you've implemented all these new programs and
done all these wonderful things.
are they alive with the business goals? Are you implementing
that ally with the goals of the business or you operating in a silo?
The process of alignment starts with understanding the business,
speaking in the language of the business, prioritizing partnerships with the business units and other leaders,
communicating the risk of actions or inactions to those individuals.
And the quantifying risks, as we mentioned bores care about money
live with the board's decision.
So don't become so emotionally tied to an outcome that you feel is important and it probably is. It's super important, but it's important to you and you only If it's not implemented, will the company go out of business? Probably not.
Will it make your job a little bit harder
in May? And that may be why you're so you mostly invested into it. But these air some questions that you have to ask yourself,
when you start going down that path
recognizing what the goal of the businesses and how security supports and enables the business to generate revenue
you Yes, you are the protector, the guardian, Trusted advisor of the business. You're protecting the digital assets. Yes, that is you. But you have to do so in a manner that you're not blocking business. You're not causing productivity losses that you're not
revenue generation at risk. But in further efforts, you should find areas of opportunity to integrate
security into the business
and once again gain that stakeholder buy in by being the trusted adviser.
By taking the proactive approach and not a reactive approach and staying
at the forefront of news and trends, you may not have the budget to implement those, but as we're finding out now, they're in this cove it 19 pandemic.
We had a lot of under used or underutilized tools. So take the opportunity to look at what you have and find out if there's more value that you can know squeeze out of it. But also, when you're going on those procurement expeditions, I like to call
looking solutions that can complement
what you're doing and that don't require a lot of, um,
I say adaptation
and thats meaning that you don't have to change the way that you do business or work flows to accommodate a security tool because that's going back to being a blocker, right? You're causing productivity losses. So
all of this ties back into
aligning with the business and the goals of the business, and if you do that, you will be successful in your security program.