11

USING THE GOLDILOCKS PRINCIPLE

Getting It Just Right

The frugal chief information security officer (CISO) endeavors to size and scope his or her organization’s information security program so that it fits just right, applying the Goldilocks Principle. This avoids the common mistake of underbuilding or overbuilding an information security program. The Goldilocks Principle says that something must fall within certain margins rather than going to either extreme of a spectrum of options. To build a long-term sustainable program, the best place to be is just right: the amount of resources devoted to security efforts is commensurate with the risk landscape of the organization the program serves.

You Can’t Go Home Again

One common error occurs when a CISO or information ...

Get The Frugal CISO now with the O’Reilly learning platform.