Building the security budget will require an understanding of how the business interacts with security, and how different controls can affect the risk level of the organization. This phase will take you through the following activities:
- Map business capabilities to security controls and specify need.
- Input the costs of the security controls, general expenses, and IT system-specific expenses.
- Analyze the three different budget outputs and explain surpluses and/or deficits.
- Optimize the budget by using defense-in-depth techniques.
Use this phase as part of the full blueprint, Build, Optimize, and Present a Risk-Based Security Budget.