Hello all,
We are currently in the process of working through improving our costing and charging for a variety of services. Cybersecurity has come up as a relatively large one that we want to work to improve our chargeback allocation methodology for. Today, all of our cyber costs are housed in one cost center. This expense feeds directly in to a "Cybersecurity" service, that is charged back to consuming business lines based off of a simple FTE breakout.
We're looking for alternative ways to think about costing and charging out this service. We've thought about possibly using application risk profiles to help charge out the expense- business lines that engage in using more risky applications would receive a greater charge for cyber. However, we'd appreciate any insight in to how other organizations are thinking about costing out and charging these expenses.
Thanks!
#Billing(BillofIT)