How to justify information security spending
At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value.
This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to purchasing justifications that companies use like: "Yes, we will buy this machine because it makes twice as many diamond rings per hour and we'll be able corner the Valentine's Day market in North America."
By Danny Lieberman at Computerworld.
[ Read more ]