Improving Security on a Limited Budget
CISO Vicki Gavin on Setting Priorities, Leveraging Outsourcing
Vicki Gavin, who has served as CISO at several major corporations, offers advice on how to enhance cybersecurity on a limited budget.
"The way I prioritize budget allocation is according to risk," says Gavin, who is head of information security and IT risk management at Kaplan International. "It's really about understanding … who in the cybercriminal world is likely to be interested in the things that you have and how do they generally attack. And then compare that to your defenses and look for the gaps."
The experienced CISO says organizations should "protect against the most egregious of the attacks that might take place - ransomware comes to mind very quickly - making sure endpoint protection is in place, up to date, being monitored, and that people are following through on that."
Outsourcing can play an important role in helping to control a cybersecurity budget, Gavin says. Engaging a managed security services provider enables her to focus on risk management, she adds.
In a video interview with Information Security Media Group, Gavin discusses:
- Overcoming budget constraints with creative solutions;
- How to converge information security and information risk management;
- How to create an effective information security risk management program, including how to benchmark performance and measure progress.
Gavin is head of information security and IT risk management at Kaplan International, an international provider of education. She previously was "cyber coach" for The Cyber Rescue Alliance, a management consultancy that helps organizations recover from breaches. She's the former chairperson of the Women's Security Society. Other previous roles include CISO at Artemis Fund Management, Kensington Mortgages, The Economist, Barclaycard, Barclays Bank, Barclays Capital, Dresdner Kleinwort Wasserstein and the Toronto Stock Exchange.