Friday, March 21, 2014

Funding IT security projects - How ALE based calculation alone may not help our business case



All security folks know ALE (Annualized Loss Expectancy), and all of us know that it does not work well when we try to use those numbers to fund our projects.

This article has some good ideas about why our requests might be ignored and how we can improve our chances.



According to the article:

In essence, the idea is that information security risks should be geeked out and presented within the security organization, as that is the right audience for them. Once you go outside your organization to ask for money or support from other organizations within the enterprise, you should translate the benefits of the proposed security solution into the context of each individual organization’s objectives.

The more direct and contextual the benefits are, the more plausible your business case becomes. The context helps get the right non-security organization to back you up, because the proposed solution offers mutual benefits by alleviating existing business process pain points.



The links below have more information:
