Security managers also have financial responsibility for their organization’s security program. In this video, Mike Chapple explains the role of a security manager in developing, implementing, and monitoring budgets.
- [Instructor] Security managers have financial responsibility for their organization's information security program. This means that they must participate in developing, implementing, and monitoring budgets. Many security managers came up through the technical ranks and find themselves in their first management role, unfamiliar with the many nontechnical skills required for the job. If that's your situation, you might find yourself unfamiliar with the skills and tools that assist you with this task. A budget is just a financial plan for the team.
It outlines how much money is available to you over the course of the year and how you plan to spend that money. Most organizations go through an annual budget planning cycle where the organization's leadership decides the following year's budget a few months before the year begins. This means that you'll have to work backwards and will often find yourself preparing a budget at least six months in advance of it going into effect. Or looking at it another way, depending upon where you are in the budget cycle, it could be a long time until you receive your next budget adjustment.
That's why planning in advance is so important. As you go through the budget planning process, you'll need to follow the guidelines set by your organization. There are two major approaches to budgeting. Some organizations use an incremental budgeting approach. This approach starts with the prior year's budget and then makes adjustments by either raising or lowering that budget. If your organization uses this approach, you'll frequently hear phrases like "we have a 3% budget increase this year" or "we're cutting the budget by 5%."
It's up to the manager to advocate for additional budget when necessary and to make the new numbers work. Other organizations use a zero-based budgeting approach. This approach begins from scratch each year and managers are asked to justify their entire budget rather than starting with the assumption that they will have the same amount of funding as they did the prior year. There's one more important concept in budget planning that you should know. Budgets work on the concept of a fiscal year. Every organization selects their own fiscal year that is 12 months long, but may or may not coincide with the calendar year.
For example, an organization might have a fiscal year that begins on July first. Let's talk about how that would work in the calendar years 2019 and 2020. If the new fiscal year begins on July first, the organization moves into fiscal year 2020 on July first, 2019. That fiscal year then ends on June 30th, 2020, and fiscal year 2021 then begins. The first half of calendar year 2019 is actually the second half of fiscal year 2019, which began in July 2018.
So, in this approach, each calendar year is divided across two fiscal years. Budgets begin anew every July. You definitely need to understand the fiscal year used by your organization so that you can appropriately plan your budget. You don't want to run out of money early or leave money that you needed for a project on the table when the fiscal year rolls over.
- Designing an information security strategy
- Aligning security with the business
- Security roles and responsibilities
- Security standards
- Budgeting for security
- Data security
- Obtaining leadership support
- Assessing security programs
- Security principles