Enterprise Security Trends Blog | HP Blogs
Keep up with the latest cyber, consumerisation, collaboration and cloud enterprise security trends from the team of HP information security professionals.

How to justify a bigger security budget, Part 3: Demonstrating clear benefits and business impact

Mary Ann Mezzapelle, Chief Technology Officer, Americas region, Enterprise Security Services, Hewlett-Packard


In my previous posts, “How to justify a bigger security budget, Part 1 and Part 2,” I talked about getting a single view of your security program, and understanding the challenges, inside and out. In this final posting, I talk about how to justify a bigger security budget.


IT Security has often been labeled the black hole of investments. Data is the only way to demonstrate clear benefits and show the connection to the business. A security metrics capability helps you quantify the security impact on business objectives and evaluates risk for new business. A mature security metrics program provides accountability and better stewardship, supporting your enterprise’s evolving business needs.

How to justify a bigger security budget, Part 2: Understanding why organizations can't keep up

Mary Ann Mezzapelle, Chief Technology Officer, Americas region, Enterprise Security Services, Hewlett-Packard


In the first installment of the series, “How to justify a bigger security budget,” I recommended getting a single view of your security program and relating it to peers in your industry. As a follow-on, I’ll explain the root causes of why organizations aren’t keeping up.


We see security challenges falling into three major areas:

  • Complex nature and motivation of threats
  • Increased regulatory pressures
  • Protection for the New Style of IT (mobile, social, data analytics, and cloud)



How to justify a bigger security budget: Part 1


By Mary Ann Mezzapelle, Chief Technology Officer, Americas Region, Enterprise Security Services, Hewlett-Packard


Best-run security organizations are moving away from their “no” and “slow” reputations by transforming how security is managed—informing business decisions and supporting growth. You need to drop the endowment- and entitlement-type attitudes and learn how to run security like a business. This post introduces a three-part series on how to justify a bigger security budget with that data-driven mindset...



  1. Single view of the IT Security capability and cost
  2. Understanding why organizations can’t keep up
  3. Demonstrating clear benefits and business impact


...so that you can help your organization understand the cost of protection, communicate in business terms and improve decision-making.

Security tip: Recognizing fake antivirus software

Chris Leach, Client Security Principal, Enterprise Security Services, Hewlett-Packard


Chances are you either have been a victim or know someone who has been held hostage by a fake antivirus program. This fake program demands a ransom via your credit card to release your computer back to your control. Some of these programs are even accessing your camera and including a photograph of you—the user—as an additional scare tactic.


Here are some practical tips for you to use at home, with your friends, family, and clients that will help you address this growing type of malware.

What data is important? And what’s really not?

By Jeff Hales, Data Protection & Privacy Practice Lead, HP

It’s sometimes strange working for a company like HP, you forget what a massive complex organisation you work for, until something like Discover comes along and gives you a reminder. It’s a bit like data, you forget how much you have until something reminds you. Today my renewal for my personal cloud storage came in, so I checked to see how much storage I need, turns out I have just over 260Gb and 56,495 files which includes documents, pictures, music and home video. The question is though, how much do I really care about and how much is duplication and products of my son playing with Photoshop and pictures of Pokémon?




About the Author(s)
  • Manage cyber engineering & architecture team developing security services, security reference architectures, big data security, mobility, cloud, cyber situational awareness and security operation center solutions. Responsible for developing innovative cyber solutions across public sector accounts. Collaborates with HP Labs, HP CTO Organization, product groups and third-party vendors to leverage innovative technologies to deliver the next generation of cybersecurity solutions.
  • A business first, senior executive, with over 20 years of hands-on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without their knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicious code in the wild. From these beginnings I have investigated all aspects of security to provide an holistic approach to security as a business enabler and currently advising organisations on the suitability of the cloud to their needs.
The opinions expressed above are the personal opinions of the authors, not of HP.