It’s easy to fall prey to the seductive powers of smart, shiny and compelling new security technology, especially when vendors offer a plethora of persuasive justifications. After all, strengthening your organisational security is always going to be a good thing, right?
With risks mapped to goals, it becomes an easier task to identify the most appropriate control required. It may turn out that the smart shiny new product indeed offers the required control, but is way over specification. A simpler, more targeted product may be more appropriate, or even the introduction of a new process for staff may be the answer.
It’s worth taking a step back to focus on mapping business risks to business goals. Security professionals who consider the wider business context when approaching security road mapping will not only save the company potentially tens of thousands of dollars in over specification spending but will also support the business goals, accelerating the organisation’s ability to reach those goals.