Discover Security Projects News
Ways to Justify Security Programs: 13 Cs
My last post Forget ROI and Risk. Consider Competitive Advantage seems to be attracting some good comments. I thought it might be useful to mention a variety of ways to justify a security program. I don't intend for readers to use all of these, or to even agree. However, you may find a handful that might have traction in your environment.
- Crisis. Something bad happens. Although this is the worst way to justify a program, it is often very effective.
- Compliance. An external force compels a security program. This is also not a great way to justify a program, because resources are often misallocated.
- Competitiveness. Please see my previous blog post.
- Comparison. If your company security team is 10% the size of the average peer organization size, it's not going to look good when you have a breach and have to justify your decisions.
- Cost. It's likely that breaches are more expensive than defensive measures, but this can be difficult to capture.
The link for this article located at taoSecurity is no longer available.