Where Is the "Biggest-Bang-For-Our-Buck" Opportunity?
CISOs are also required to find ways to cut costs and justify security investments.
"Think about what project or process you could implement that could greatly reduce your overall risk or attack surface with a minimal amount of effort or spend," Kenna Security's Bellis says. "If answered another way, what’s the one thing you wish you could do across your company to lower risk? Implement [multifactor authentication] across all users? Automate your patch management process?"