How to defend your security, compliance and risk management program


To be an effective security, risk management, or compliance leader, you must advocate for your team’s needs and secure the resources required to improve your cyber defense posture, mitigate risk, and ensure compliance with industry standards. While securing the resources you need isn’t necessarily a difficult undertaking, you may not always know which steps are necessary to achieve the desired result.

Wondering how to align your senior executives and other key stakeholders?

Here is a set of five activities recommended by compliance and security professionals to get what they want:

1. Understand your organization’s procurement process

Ideally, you want to gain an understanding of your organization’s procurement process before talking to suppliers. This way, when selecting a vendor, you can advise the sales rep on how best to navigate the process.

Many organizations design their tools budget around service needs, but because managing risk and meeting compliance requirements are inherently cross-functional, most organizations haven’t created budgets that take into account the purchase of new tools specifically for risk and compliance management.

To get the budget you need to purchase tools, you will likely have to break out of the “normal” documented process and work your way up the chain of command to senior management who can approve new purchases outside of the normal budgeting cycle.

2. Craft your message for executive decision makers

Once you have identified the person(s) who can approve the necessary resource budget, it is time to frame your request in a way that compels them to take action. The best way to do this is to align your messaging with the executive’s top priorities.

Almost all leaders are aware that an attack could happen to their company. For this reason, they are likely interested in knowing how well your organization is currently doing at mitigating the cyber-risk scenarios that are most likely to occur. Your leaders also want to be sure that your organization will be able to pass future audits. Last but not least, management will care about cost and operational efficiency.

As such, you’ll want to tie your budget request to your security and compliance capabilities and your ability to deliver business value. If your current capabilities do not allow you to adequately identify or manage risks arising from operations, this introduces too much risk to your organization.

For example, you can point to challenges such as:

  1. Delays in responding to customer security and privacy issues in a timely manner;
  2. COVID-19-related security risks that have not yet been fully addressed;
  3. The need to keep up with increasing regulatory and customer requirements while minimizing liability; and
  4. The need to minimize the impact of a compromise if the organization falls victim to ransomware or another form of cyberattack.

3. Identify your allies

When seeking budget approval for expensive software, it’s important to have allies. This way, leaders can see that although there is an upfront cost, the issue(s) you are addressing with this solution is a company-wide concern.

When it comes to risk and compliance software, multiple stakeholder groups can benefit, including:

  • Key control owners within IT, engineering, product development and finance teams
  • Risk management and legal team members
  • Internal audit team members

Once you have identified allies, work with them to determine how best to influence the final decision maker.

4. Understand the implementation plan and timeline

To communicate convincingly the level of impact you expect to achieve with your proposed solution, talk to the key decision maker about time to value. With this software and the support you will get from the vendor, how long will it take you to reach important milestones?

To ensure your initiative delivers results quickly, it’s important to understand how intuitive and self-service (vs. technical) it would be to get started with the software product.

By confirming the timeline needed to achieve key milestones early in the sales process, you will be able to present a reasonably accurate forecast of time to value for the software.

5. Treat your salesperson like a collaborator and allow them to help you

A great salesperson should work collaboratively with you, helping you orchestrate meetings to win over key decision makers. They can also invite specialists to meetings, so that your organization’s questions and concerns can be satisfactorily addressed.

If you have done your due diligence on the software and you’re feeling positive about it, it’s time to be upfront with your sales rep. Let them know about your sourcing process, who the decision makers and influencers on your side are, what their concerns are, and the questions they’re likely to raise – so your sales rep can do their part to support you and make you look like a hero in meetings.

Want to know more about this topic? Discover our e-book!

The post How to defend your security, compliance and risk management program appeared first on hyperresistant.

*** This is a syndicated blog from the Security Bloggers Network of hyperresistant written by Jingcong Zhao. Read the original post at: