You might well have heard talks about “security as business enabler” at various industry events in the last few years. Most people seem to agree this is a great idea, but not many organizations succeed in delivering on this promise.
I started to work on this post in order to summarize my personal takeaways from all the conversations I had this year about ROI in security. Here’s my list:
Use your judgement and expertise to estimate the risk mitigation for each investment. You don’t have to be precise; accept imperfection. Remember that risk management expertise probably exists elsewhere in your company — try to learn from those people and leverage the same approach. Use the tools and data available to you.
Learn to speak the business language. Security is not (only) a technical issue. There’s a lot you can learn from the CFO or CRO and the CEO, and you can use these conversations to help them learn more as well. Building a comprehensive risk management program that encompasses financial, reputational and security risks will help your business become stronger on all fronts.
Keep communication lines open with leaders across the business. Security investment can (and often should) be part of new projects and new opportunities. Help business leaders see security not as a cost center, but as a strategic initiative.
Leverage and balance all four ROI arguments. Although risk reduction should be the starting point, always consider how the same dollar spent can help your organization achieve compliance, reduce operational costs and/or support business opportunities.