How much should the 'real' security budget be?
According to Gartner, enterprises must spend between four and seven percent of their IT budgets on IT security. The lower end of that range is for organisations with mature systems, while the budget should be higher if organisations are wide open and at risk.
Gartner noted that this represents the budget under the control and responsibility of the CIO, and not the 'real' or total budget.
In line with this, the firm advised organisations to first assess their risks and understand both the CISO's security budget and the 'real' security budget in the range of accounts that may not capture all security spending.
"A CISO who has knowledge of all of the security functions taking place within the organisation, as well as those that are necessary but missing, and the way in which those functions are funded, is likely to use indirectly funded functions to greater advantage," McMillan concluded.