JOURNAL ARTICLE
Where to Focus Your Company's Limited Cybersecurity Budget: Three cybersecurity investments to target.
Published In: Harvard Business Review Digital Articles, 2023. P. 1 1 of 3
Database: Business Source Ultimate 2 of 3
Authored By: Isles, Adam 3 of 3
Abstract
The article focuses on guiding companies on how to prioritize limited cybersecurity budgets by targeting three key investment areas: impactful defensive controls, validation of those controls, and automation to manage and enhance security posture. It emphasizes using authoritative frameworks such as the MITRE ATT&CK framework to align defenses with known attacker tactics, techniques, and procedures (TTPs), particularly to minimize initial access and protect high-value assets like identity and access systems. The article also highlights the importance of validating that controls operate as intended, as recommended by agencies like CISA, FBI, and NSA, and advocates for increased automation—including Security Orchestration and Automated Response (SOAR) tools—to handle growing complexity and volume of security data. This approach aims to help organizations focus cybersecurity investments effectively amid evolving threats and constrained budgets.
Additional Information
- Source:Harvard Business Review Digital Articles. 2023/05, p1
- Document Type:Article
- Subject Area:Business and Management
- Publication Date:2023
- Accession Number:164001460
Looking to go deeper into this topic? Look for more articles on EBSCOhost.