CISO Trainings , Governance & Risk Management , IT Risk Management

Improving Security on a Limited Budget

CISO Vicki Gavin on Setting Priorities, Leveraging Outsourcing
Vicki Gavin, head of information security & IT risk management, Kaplan International

Vicki Gavin, who has served as CISO at several major corporations, offers advice on how to enhance cybersecurity on a limited budget.

See Also: Buyer’s Guide for Complete Privileged Access Management (PAM)

"The way I prioritize budget allocation is according to risk," says Gavin, who is head of information security and IT risk management at Kaplan International. "It's really about understanding … who in the cybercriminal world is likely to be interested in the things that you have and how do they generally attack. And then compare that to your defenses and look for the gaps."

The experienced CISO says organizations should "protect against the most egregious of the attacks that might take place - ransomware comes to mind very quickly - making sure endpoint protection is in place, up to date, being monitored, and that people are following through on that."

Outsourcing can play an important role in helping to control a cybersecurity budget, Gavin says. Engaging a managed security services provider enables her to focus on risk management, she adds.

In a video interview with Information Security Media Group, Gavin discusses:

  • Overcoming budget constraints with creative solutions;
  • How to converge information security and information risk management;
  • How to create an effective information security risk management program, including how to benchmark performance and measure progress.

Gavin is head of information security and IT risk management at Kaplan International, an international provider of education. She previously was "cyber coach” for The Cyber Rescue Alliance, a management consultancy that helps organizations recover from breaches. She’s the former chairperson of the Women's Security Society. Other previous roles include CISO at Artemis Fund Management, Kensington Mortgages, The Economist, Barclaycard, Barclays Bank, Barclays Capital, Dresdner Kleinwort Wasserstein and the Toronto Stock Exchange.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.