Are we secure enough?


Are we secure enough?
This oft-heard question in IT is usually accompanied by: “what happens if we reduce the budget (for information security) by 10 percent this year?”

Quick thinking managers cite stories about self-insurance, premiums on house insurance polciies, and which part of the house the organization can’t rebuild after the organizational house burns down.

But, the best practitioners engage senior leadership with an on-going business and financial risk assessment program, one that manages budget for information security focused on managiung the biggest business and financial risks from the use of IT. 

By allocating spend for informaiton security and audit on practices that drive better results, these organizations are experiencing returns exceeding 200 percent and more, each year. The benefits of managing the budget to manage the risks include:

– the lowest rates of data loss or theft

– the least business downtime from IT failures and disruptions

– the fewest problems with regulatory audits

In addition, these organizations spend less than half of what others are spending on audt fees and expenses each year.


If you are being requested, or told, to do more with less this year, then it pays to find out what’s actually working to reduce risks, reduce costs and improve results.  See the latest research, Managing Spend on Information Secuirty and Audit for Better Results from the IT Policy Compliance Group.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: