Many cybersecurity organizations take a “big rock” approach - buying security products from their preferred IT vendors. It turns out this approach is a mistake. It makes far more sense to adopt an “ecosystem” approach - the approach preferred by the most mature organizations. Another effective strategy is to invest early in security startups, and guide them towards developing solutions customized for your organization’s needs.
It’s also important to have an architecture that encompasses the technology categories in which you are acquiring products and services, and a roadmap for deploying them in a logical sequence. The architecture and roadmap should address your most pressing security challenges, and revisiting both on an annual basis is a proven best practice.
Finally, not all technologies - even if they’re security related - should fall into the cybersecurity budget. Knowing where to pay for them is just as important as knowing whether you need them and when you’ll deploy them.
2. Table Of Figures
3. Executive Summary
4. The Issue: What’S The Best Way To Buy Security Technology?
5. The Four Security Procurement Strategies
5. Big Rock 5 Best-In-Breed
8. What To Procure, And When
9. The Security Budget: What’S In, What’S Out
10. Top Security Challenges
11. Spending More, But Less Wisely?
12. Security Planning: Architectures And Roadmaps
13. Security Architecture Best Practices
14. Security Roadmap Best Practices
15. Conclusion And Recommendations
16. Appendix A: Nemertes Security Maturity Model
17. Level 0: Unprepared
18. Level 1: Reactive
19. Level 2: Proactive
20. Level 3: Anticipatory
21. Maturity Model Elements
22. Bellwether Technologies: Definition
23. Cybersecurity Bellwether Technologies
24. Appendix B: Methodology
25. Company Size: Revenue
26. Company Size: Employees
27. Participants: By Industry
28. Participants: By Title
29. Participants: By IT Culture