Security Procurement that Works- Is There A ‘Best' Security Procurement Strategy?

  • ID: 3927082
  • Report
  • Region: Global
  • 27 Pages
  • Nemertes Research
1 of 3
Figuring Out How to Procure Infosec Products Effectively Is More Challenging Than it First Appears
What’s the best way to procure cybersecurity technology? That sounds like a trick question, but it isn’t. Although most cybersecurity professionals believe they’re underfunded (and probably are), what would they do with more money if they got it? And how would they be sure it’s spent to maximum advantage? Figuring out how to procure infosec products effectively is more challenging than it first appears.

Many cybersecurity organizations take a “big rock” approach - buying security products from their preferred IT vendors. It turns out this approach is a mistake. It makes far more sense to adopt an “ecosystem” approach - the approach preferred by the most mature organizations. Another effective strategy is to invest early in security startups, and guide them towards developing solutions customized for your organization’s needs.

It’s also important to have an architecture that encompasses the technology categories in which you are acquiring products and services, and a roadmap for deploying them in a logical sequence. The architecture and roadmap should address your most pressing security challenges, and revisiting both on an annual basis is a proven best practice.

Finally, not all technologies - even if they’re security related - should fall into the cybersecurity budget. Knowing where to pay for them is just as important as knowing whether you need them and when you’ll deploy them.
Note: Product cover images may vary from those shown
2 of 3
1. Compass Direction Points

2. Table Of Figures

3. Executive Summary

4. The Issue: What’S The Best Way To Buy Security Technology?

5. The Four Security Procurement Strategies

5. Big Rock 5 Best-In-Breed

6. Ecosystem

7. Custom

8. What To Procure, And When

9. The Security Budget: What’S In, What’S Out

10. Top Security Challenges

11. Spending More, But Less Wisely?

12. Security Planning: Architectures And Roadmaps

13. Security Architecture Best Practices

14. Security Roadmap Best Practices

15. Conclusion And Recommendations

16. Appendix A: Nemertes Security Maturity Model

17. Level 0: Unprepared

18. Level 1: Reactive

19. Level 2: Proactive

20. Level 3: Anticipatory

21. Maturity Model Elements

22. Bellwether Technologies: Definition

23. Cybersecurity Bellwether Technologies

24. Appendix B: Methodology

25. Company Size: Revenue

26. Company Size: Employees

27. Participants: By Industry

28. Participants: By Title

29. Participants: By IT Culture
Note: Product cover images may vary from those shown
3 of 3


4 of 3
Note: Product cover images may vary from those shown