Where does the information security budget reside and who owns it? That’s an ongoing debate as organizations allocate resources to protect critical assets in a dynamically changing technology and threat environment.
In many organizations, chief information security officers report to the chief information officer, because security operations and budgets are part of the IT department. According to the Ponemon Institute’s 2015 Global Study on IT Security Spending & Investments, only 19 percent of the surveyed respondents say the IT security leader has control over how resources are allocated. Instead, the budget is in the hands of the CIO or Chief Technology Officer and business leaders.