Building a business case for information security

Khalid Kark offers five key points for articulating the value of infosecurity.

Recession: Security Reduces The Spend To Counter Economic Pressures

Some would argue that talking about the current recession doesn't help articulate the business value of information security. But many CISOs have found that in the current environment, this may be the only way to get management's attention. CISOs can help management achieve its goals in tough times by lowering costs: investing in strategic vendor relationships, using existing products and tools more effectively, and creating efficiencies in business processes.

As an example, a manufacturing company spent approximately $3 million every year on manual compliance processes. The CISO of the company proposed a GRC tool to streamline efforts by creating efficiencies around the audit and compliance processes. The company was able to save close to $2 million over three years by combining their various IT governance, risk and compliance activities, such as auditing, assessing, testing, and reporting.

Many CISOs have been so focused on responding to threats and managing day-to-day operational issues that they haven't focused on answering some very basic questions posed by their business peers. Implementing the five R's will help you better articulate the value of your security program.

Khalid Kark is a Principal Analyst at Forrester Research, where he serves Security & Risk professionals. He is a leading expert in information security program governance. He will be delivering a keynote speech at Forrester's Security Forum, Sept. 10-11, in San Diego. Forrester is pleased to offer CSO readers a $405 discount off the standard conference rate for Forrester's Security Forum 2009*. To register, call Forrester Events at +1 888.343.6786 and reference VIP Code SF9CSM.
