You might well have heard talks about “security as business enabler” at various industry events in the last few years. Most people seem to agree this is a great idea, but not many organizations succeed in delivering on this promise.
Since you’re not the owner of a new business project, you cannot estimate the size of the returns on the opportunity overall. However, you don’t have to. I recommend referring to these new initiatives in your ROI conversations, but without trying to provide specific numbers.
I started to work on this post in order to summarize my personal takeaways from all the conversations I had this year about ROI in security. Here’s my list:
Use your judgement and expertise to estimate the risk mitigation for each investment. You don’t have to be precise; accept imperfection. Remember that risk management expertise probably exists elsewhere in your company — try to learn from those people and leverage the same approach. Use the tools and data available to you.
Learn to speak the business language. Security is not (only) a technical issue. There’s a lot you can learn from the CFO or CRO and the CEO, and you can use these conversations to help them learn more as well. Building a comprehensive risk management program that encompasses financial, reputational and security risks will help your business become stronger on all fronts.
More Info: a+ network+ security+ jobs
No comments:
Post a Comment