Proving security's worth is not always the easiest job. Once you've invested in systems, trained staff, secured the perimeter, secured the interior, put in monitoring and maintenance programmes, chosen what, if anything, to outsource, run penetration tests and more, what's the result? No-one gives out their password on the phone, catches a virus on their PC, leaves unencrypted data on the train or suffers any kind of a security breach. If all goes right, nothing happens.
Come the next budget round, though, the idea of giving money to a function that doesn't seem to produce any visible results may seem less palatable to the board than giving money to the sales department – particularly as the credit crunch makes cutbacks inevitable. So how should the information security head go about making the case for investing in security? And as those cutbacks start to bite, how can he or she make the money that is available go further?
As many CSOs have discovered, rather than talking ‘techie’, using the same language as the rest of the business pays dividends. That might mean discussing return on investment (ROI) – or even ‘return on security investment’ (ROSI) – but that approach has pitfalls.