All InfoSec orgs strive to align spending to the business, but how often does InfoSec management ensure that there are clear business cases for investment decisions?
While simple and trivial to some, a business case (with requirements / specifications, use cases, success criteria, and business as usual [BAU] / maintenance planning) goes a very long way. And don't blame this on the PMO; we are all adults here.
Like sport, master the fundamentals first!