Superconductor

The European Network and Information Security Agency (ENISA) released the report Obtaining Support and Funding from Senior Management while Planning an Awareness Initiative last week. This report provides a framework for information security groups to follow that's supposed to help them maximize their chances of getting important security projects funded. The processes described by this report seems very similar to the one that consulting companies have been advising their clients to use for quite a while.

When I worked for a Big 4 consulting company about 10 years ago, we were advising our clients to use a strategy almost identical to the one that this report describes. Back then, the fact that information security is as much a business issue as a technical issue wasn't very widely understood. Once security groups accept this and learn to speak the same language that other business units do, getting support for security projects is always much easier. Just like the Big 4 were talking about how to do this ten years ago, the ENISA report tells you how to do this today. It's good to see that this is become more widely known.

If you're having trouble getting important security projects funded, this report may be able to give you some useful advice. It's certainly cheaper than hiring a Big 4 consultant.