Demonstrating Business Value of Security Investments in the Age of Digitalization

Demonstrating Business Value of Security Investments in the Age of Digitalization

Lucas Cardholm (Coromatic Group, Bromma, Sweden)
Copyright: © 2016 |Pages: 25
DOI: 10.4018/IJIDE.2016070101
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Management may see security as an inhibitor to the daily operations if the investment is not well aligned with current business activities or is presented in financial terms not relevant to their agenda. While this article shows that security improvements create bottom-line business benefits, there is still a need for security managers to focus on quantifying those benefits in relevant financial terms. The purpose is to demystify the principles of general investment processes and criteria for calculating the benefits and costs of investments while accentuating alignment to the imperatives of the organization that makes the investment. When security investments are assessed alongside other investment projects it helps to consider them on an equal footing, implying the use of similar, and ideally the same, methods of financial cost projection. It is equally important to position and present the proposed investment in a relevant business context.
Article Preview

Introduction

When top-level management makes investment decisions it strives to find a balance between risk and reward for the company to meet the overall goals and ambitions. These goals could be defined as single year financial targets combined with annual budgets and rolling forecasts or they could be related to more long-term metrics used to drive a change.

Since 2008, we have witnessed unprecedented changes in the global economic environment that has presented new risks and challenges combined with new technologies, where some have helped improve security controls and some have brought new risks and concerns.

Many security professionals struggle with the fact that costs associated with information security incidents can have large components that are difficult to quantify. Security decisions still need not be taken with a complete lack of quantified value. Quite to the contrary, in the manner of any investment request, there are often numerous opportunities to collect data and trend information in order to measure the effectiveness of the investment.

If investments in security are assessed alongside other investment projects it helps to consider them on an equal footing, implying the use of similar (and ideally the same) methods of financial cost projection. Benefits that cannot be measured with quantitative values may mean less to senior management. They may see information security as an inhibitor to their daily operations if the investment is not well aligned with current business activities or is presented in financial terms that seem not relevant to their agenda (Tisakis and Pekos, 2008).

This article is aimed at providing security professionals with a brief introduction to performing cost benefit analyses of security investments and presenting them to management in order to bridge the gap between security professionals and business leaders. It is based on recent reports and previous research on the topic, and should be considered as a summary only. For a deeper analysis and broader perspectives on obtaining support and funding from senior management, please refer to the full reports.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing