Cybersecurity encompasses a plethora of ideas, problems, frameworks, and technology. In many ways it is like the world of investing. Each CISO has a finite amount of money to invest to create the maximum return (the most security possible with the limited budget available).
At Early Adopter Research, we have studied the process for creating a balanced cybersecurity portfolio for a while. A general approach that works for every company is clearly beyond reach. Frameworks from NIST and ISO organize thinking, but do not sort out all the trade-offs needed for creating an optimal portfolio for a particular business. The fact is that, like investors, each CISO must have a perspective and a process for creating a portfolio that works for the organization they serve.
The key to creating an optimal portfolio is to ask the right questions and decide on principles that inform and support the choices made.
That’s why we were thrilled to get access to some original research from Fortinet that goes right to the heart of the issue.