Problem identified and communicated, plan created, funds provided, problem resolved. This is the lifecycle senior business leaders often expect – and prefer – organizational challenges to have. It’s the way decisions are made and issues addressed for many functions of the business.
Unfortunately, this leads senior management to expect a similar lifecycle of security-related challenges: 1) Security apprises management of threats and vulnerabilities. 2) Management allocates funds to address them. 3) Problem solved.