Plan Your Remediation Budget

Start with remediations first

The most challenging part of remediations is finding the resources. Whether the constraint is people, budget, or time, risk stakeholder teams are generally overworked, and remediation activities tend to take a back seat for newly organized or exhausted teams. One way to ensure that resources are available post-assessment is to ask for them before the assessment starts. This contrasts with what many company leaders ask for: “Run the assessment, tell us where the gaps are, and then we’ll find a budget.”


Get your stakeholders on board

Suggest to your leaders that they go ahead and budget work for a few of the most important remediation items that you already know will come out of the assessment later. Regardless of the assessment outcome, those items will have to be corrected sometime soon anyway, and the resources requested can always be reassigned to other items based on the assessment data if needed. If getting alignment from your stakeholders is proving to be a challenge, we’ve written an in-depth guide about it here to help you along.

Once you’ve secured a budget, the assessment itself will move faster because your team will know not to consider some heavy-lift controls that would require an immense cost, freeing them to spend more time understanding the compensating controls in place (or those that could be in place). Additionally, the remediation findings discussion with the budget holder tends to be an easier conversation because all key stakeholders know a budget is present.


A pro-tip

Instead of asking your leadership to give you a bona fide budget before the assessment, present good, better, and best options to your management based on your intuition about the maturity of the assessed facility or business unit. By doing so, you’re in a good position to ask your manager for a “budget range” rather than a single number. Pre-planning your remediation budget empowers all personnel to jointly develop the most efficient path from assessment to improvements. For help deciding which items to suggest for remediation, we’ve created a handy matrix with several factors you should keep in mind. Be sure to download the full guide below to get access.

Download the Guide

Enjoy this content? Get the comprehensive guide to gain more value from your cyber assessments with cross-company alignment.

Ted Gutierrez

Ted Gutierrez is Co-Founder and CEO of SecurityGate, a risk assessment, improvement, and documentation platform used by security and risk leaders at the world's largest critical infrastructure organizations and consulting firms to enable deeper alignment across cyber teams and their leadership.