When it comes to cybersecurity there is a lot of money put into it. The budget is set in place but what is it allocated to? How would you allocate the budget, would it be based on needs or wants?

Allocation

            Most CISO (chief information security officers) allocate their budgets to what they want, which in their minds is what they feel as though is needed.  There is no system in which CISO uses to figure out where they want to allocate money which is what poses an issue majority of the time. They would replace things just because they want the newest model, for example, laptops. Most CISO will replace laptops for the newest version simply because they don’t like the version that they have. If I were to be in CISO I would have a system in order to allocate the budget to what is needed the most. For example, a lot of the time there’s equipment that is very out dated, we are talking about ten years out of date, so they are unable to receive certain system security updates which pose as a threat due to them having high vulnerability. After doing a basic tech refresh I would then begin accommodations based on if they are really necessary or is it a luxury to have.

Importance

         Just like in everyday life you have a budget there’s a budget for cybersecurity roles. You won’t just get handed money and get to do what it is you want which is what most do, you have to actually look at the bigger picture. When allocating the importance of the budget you should look at what it is that will be beneficial and actually help within the next year or so with no issues. What you allocate your budget to helps for better business and production.  It will also help with more efficient work rather than everything be laggin and slow