We previously looked at some of the arguments a chief information security offer (CISO) might use to justify a security investment, looking at the benefits the investment will provide and why it is necessary. Here we take a brief look at some of the implementation techniques and technologies to further improve return on investment (ROI).
Building a highly-secure business is not possible as a big-bang approach. By piloting each change to the company’s systems, you can fully consider its security implications, agree specifications and measure performance.
When presenting to the leadership team for budget approval, it is very tempting to oversell the technology. A non-technical audience may not remember technical details, but they will remember ROI assurances on cost and effectiveness. Be careful when giving commitments, using the same numbers that you intend to benchmark against.
Consider compliance in your regional locations
Regulation and compliance establish a minimum level of security, with most CISOs aiming higher and implementing faster than the national bodies specify. Which national bodies are relevant? As an example, consider the implementation of wholesale AZ VoIP termination across your business, which has offices in the UK, the US, Australia and India. In addition to understanding the technology, which can be explained by a provider such as https://www.idtexpress.com/blog/2018/02/24/wholesale-voice-termination-explained/, you will need to consider the regulations in each of these countries.
Exploit machine learning and AI
Spotting threats has already moved from humans to computers. The volume and complexity of malware has to be matched by smart automated systems. Using AI enables these systems to learn and adapt, and to monitor the company’s network for irregular behaviours. Mathematicians and ex-spies are involved in developing cybersecurity AI.
Measure, adjust and move ahead
Implementing a change to security must begin with metrics. By understanding how to measure effectiveness, the team can confirm if security has improved as planned. By making small adjustments, security strategy can move forward with confidence.
Using pilot projects with defined metrics is not rocket science – successful CISOs have been using techniques such as these all along. AI is more like rocket science, however, and requires strong technical vision to grasp the technology, work with the creators and persuade the board. Getting ROI on your security budget is a challenge you can enjoy.