Whether you’re deciding what to wear or where to eat, having options is ideal. The same is true when it comes to presenting your business case to your CIO or Board of Directors: you’re better off if you can give them options. Present them with three options: 1) a bare-minimum, 2) centrist, and 3) best-case, no holds barred approach to your cybersecurity program or a strategic initiative. This lets them know you’ve done your homework and it puts the onus on the decision maker, not you.
CISO Street recently interviewed Bryan Kissinger, CISO for Trace3 and author of “The Business Minded CISO.” In this video, Bryan discusses the best approach for building a business case for a security program.