This is where the rubber hits the road. How do you determine the "must have" vs. the "nice to have" technologies, the "must do" projects and the "gotta have" personnel to support the enterprise agenda for IT security? How much "can" you spend vs. how much do you "have to" spend?
Too many times we have seen information security plans dashed and budgets slashed because organizations simply fail to connect the security strategy and budget to the larger enterprise business requirements. IT security is a complex topic and the initiatives to enhance IT security are not always easily understood by those responsible for approving the funds.
Bottom line, IT security is not negotiable in today's business and regulatory climate. Doing nothing is simply not an option, and even those taking a minimalist approach will find that it only allows their operations to go so far.
CynergisTek can provide practical advisory support for IT security strategic and budget planning. For some of our clients, a single working session, once a year, has made all of the difference in "winning" support for the strategic plan and budget. For others, over a series of 3-5 working sessions, we are able to build out a thoughtful strategic plan, a high-level project and staffing plan, capital and operating budgetary guidance, and supporting documentation for executive committee and Board presentation.