It’s vital for C-suites to include cybersecurity as part of their capital planning. And the key to that is determining what “just enough security” is for the organization to meet its business goals. What’s the best way to determine how much security is “just enough”?
https://www.securitymagazine.com/articles/96471-why-cyber-risk-assessments-should-be-a-part-of-your-business-strategy
