
Selling Security to the CFO

How to make a credible case for spending money on IT security.

October 13, 2003 12:00 PM ET

Computerworld - "Shut it down, now!" The guy issuing this command was my chief information security officer (CISO). The "it" he ordered shut down was our entire Internet infrastructure. That infrastructure was generating more than $2 million of high-profit revenue every day. After a sleepless night he had finally figured out why we were suffering a prolonged denial-of-service attack. Our firewalls should have been flawlessly deflecting this attack, but they weren't. The "bad guys" were on us like flies on a dead dog.


His sudden realization was that the firewalls had been reloaded without any of the most critical defensive rules.


The cause of this attack turned out to be human error, but the event triggered a complete review of our Internet security, followed by a decision to beef up our defenses and outsource much of our security administration and monitoring.


Back in the good old days, security consisted of a few firewalls and some virus protection. The threats have outgrown those simple defenses, and the cost has outgrown the approval level of the CISO and, sometimes, that of the CIO. Fortune 500 companies are finding themselves with security expenditures that require CEO and even board-level approvals. Each one of these companies comes with a beady-eyed chief financial officer demanding a rock-solid business case with a credible return on investment.


So you've got three problems. You've got to determine the appropriate level of security for your company. You've got to build a business case that nontechnical senior executives will understand and support. You've got to show that there's a financial return coming out of the investment. And all this is for a system where, if it's performing perfectly, nothing happens, right?


Take a deep breath. It can be done, and with credibility that even the toughest CFO will buy into.


Step 1: Determine the current and appropriate levels of security. Get a security assessment done by a company with a solid reputation. Be sure to include vulnerability assessments and penetration tests against your key systems. (Key systems are those that move money, customer data, employee data or products.) Don't do this yourself. You probably don't have the expertise, but even if you did, you wouldn't have the credibility you need to sell the business case.


Done right, you'll emerge from the assessment with a very good idea of the state of your IT security vs. where you should be and what you'll need to do to get there. Don't be defensive. Share the results with your CEO and business-unit chiefs. They'll become your allies in the fight to get the business case approved. Make it easy for them to understand the problem and the cure.


