Where to spend your next security dollar
If you are an information security leader, you are always asking this question. This post contains some new answers, applicable especially if you are leading a medium to large enterprise. In that case, your main challenge is to get everyone in the organization behind the security program.
To effect changes in the organization, you need top management’s buy in. But, buy in to what? Security? Risk? Compliance? Ransomware attacks? Chances are your CEO, CFO, VP HR, etc. have little or no understanding of information security management.