Risk & Compliance/Legislation

T2-3B. Why Your Cybersecurity Budget is a Horse's Ass

Tuesday, June 11, 2024 9:15 AM - 10:15 AM

Room 3BC


I have contended that the biggest problem in cybersecurity is that CISOs get the budgets they deserve, not the budgets they need. The problem is that generally cybersecurity executives have not learned how to make cost-benefit-based justifications for their budgets, and it leaves them with some modified budget from the prior year. By incorporating business principles, cyber risk quantification, vulnerability management, and several other sciences, they can learn to deserve the budget that they need, and be able to make decisions on the optimization of their budgets.

Learner Objectives

After the session, learner will understand the historical nature of the cybersecurity budgeting process.

After the session, learner will understand how cyber risk quantification is currently performed, such as with the FAIR model.

After the session, learner will understand basic concepts in machine learning and mathematics and understand how to apply them to risk management.

After the session, learner will understand the importance of attack path visualization in determining which vulnerabilities to prioritize for mitigation.

After the session, learner will understand how to combine different sciences to consciously determine the structure of a cybersecurity program and its budgeting process.