[Video] FAIRCON18 Panel: How FAIR and TBM Work Together to Show the Business Value of Cybersecurity
In recent years, many CIOs in big enterprises and government have successfully positioned themselves as not just IT operators but business enablers, using the discipline of Technology Business Management (TBM), a set of best practices to consistently communicate both the cost and the value of IT services.
But there’s been one outlier: cybersecurity. CISOs couldn’t communicate cyber risk and return in financial terms. FAIR solves that problem, so it is no surprise that organizations running TBM programs are also signing up for FAIR.
The TBM Council, the FAIR Institute and the Open Group (holder of the OpenFAIR Standard) are working now on aligning the two standards to speed up this integration.
At the recent 2018 FAIR Conference, Institute Chair Jack Jones hosted the panel discussion “FAIR & TBM: Two Standards Come Together for Managing Technology and Risk from the Business Perspective”, with Todd Tucker, the TBM Council’s VP, Standards, Research, and Education, and TBM practitioner Paula Medders, Senior Program Manager - Cyber Security, HPE.
Watch the video of the discussion for some hands-on tips on how to tie a FAIR program into the broader IT agenda of your organization. FAIR Institute membership required – sign up for free membership now.
“If I were a CISO and found out my organization was engaged in TBM, I’d be all over that,” Jack Jones comments. “I can’t begin to count the number of security people who say, ‘I don’t know what I don’t know.’ There are all kinds of opportunity for visibility into the risk landscape, for data points for the kinds of things we want to measure from a risk standpoint.” As an example, Jack points to measuring the impact in a FAIR analysis of ransomware and being able to see all the connections among affected applications and the business processes they serve.
Paula Medders shared her project documents showing how HPE applied TBM to cybersecurity functions in a transformation very much like a FAIR implementation – moving from “a capability mindset to service-oriented mindset,” as she says, and showing “how cybersecurity adds value above and beyond the cost of spend.”
Medders says the TBM approach combined with FAIR can be an effective tool of persuasion for CISOs by providing “visibility to business partners on how they could impact the cost of cybersecurity in their business” by, for instance, reducing risky practices. TBM can also be used to make the case for cybersecurity budget, she says. Watch the video now.