Is CyberSecurity ROI Necessary? – Paul Hypki – CSP #7
Information security departments are often challenged to come up with “ROI” or Return on Investment for the information security initiatives. Why should the information security department be any different? Join this podcast and learn why calculating an ROI may not be necessary and how reducing risk has different considerations.
To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_PaulHypki.pdf
Hypki, P. 2019. Where’s the ROI? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 83. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
Paul Hypki has been the CISO at Children’s Minnesota since 2017. His background includes healthcare, banking, and brokerage. His Information Security journey began in the early 2000s as the Risk Officer with a job description of “keep us off the front page of the Wall Street Journal.” Moving from finance to health care was a culture shock. After years in health care, Paul better understands that information security risk must be continuously measured, evaluated, and prioritized across the entire enterprise, and monies allocated where the maximum risk reduction can be achieved.
