2. Don't use scare tactics.
They may work at first, but eventually, if you are successful in keeping your organization safe, this tactic may actually backfire. Your financial officer will only see that they provided funding and nothing happened.
3. Establish your cybersecurity credentials within your organization.
It is important for both you and your security team members to acquire security credentials, such as the Certified Information Systems Security Professional (CISSP) and the Certified Information Security Manager (CISM). This gives your financial team confidence that you have the expertise to identify the risks and are able to plan and implement a security program that meets the threats facing your organization. Take advantage of the plethora of security seminars, webinars, and magazine articles that provide the most current information on threats and safeguards. And don't be afraid to share some of the non-technical materials you come across with senior management.
4. Relate your security risks to the business.
The technical aspects of malware threats, hacking, and Denial of Service (DoS) attacks will be almost incomprehensible to your senior management and financial decision-makers. Relating the threats to the impact on the business is far more meaningful. For example, if you rely on the Internet for sales and you have to shut down your Web portal, the specific cause is not a priority to senior management. The fact that you had to shut off your primary business conduit is the critical point.
5. Outline the need in plain English.
Never speak in technical terms to senior management or your financial team. In order to establish a strong communication channel, you need to have two-way communication about security issues, not a one-sided description of technical challenges. To have a two-way conversation, you need to frame the discussion with language that everyone can understand.
6. Develop a plan that meets the security needs but also considers financial constraints.
When meeting with the financial team, remember that very few organizations are free of financial constraints. It is unlikely that your organization has unlimited funds. You can show your understanding of their constraints by doing a little research on organizational funding practices and demonstrating your desire to make reasonable requests. They will likely appreciate your desire to understand the constraints in their job and will be more willing to assist you in performing your job.
7. Once you get the funding, follow the plan you outlined.
One of the most important things you can do to build trust with your financial officer is to use the funding provided exactly as you had outlined you would in your presentation. Nothing reduces the confidence in your approach more quickly than saying you need the funding for one thing and then spending it on something else. And, if changes become necessary, do consult with the financial team. Never surprise them with expenditures for things on which they have not previously been briefed.