Selling Security to the CEO

Organizations who do security right can achieve real economic advantages, but how can you convince company executives of those advantages?

In an article on Darwinmag.com, Dr. Larry Ponemon, chairman and founder of Tucson-based Ponemon Institute, says many IT security professionals fear meeting with senior management to justify an increase in their security budgets.

Ponemon says this fear is grounded “in the inability of many IT professionals to make a convincing case for security.” Unfortunately, he says, many senior executives don’t consider how an enhanced security program can deliver economic advantages and protect the organization’s reputation and brand. “They view security more as a cost center than as an investment,” he says, “and that limited perspective causes budget discussions to become stalled around accounting and ROI metrics.”

In the article, Ponemon presents a case study to illustrate the difficulties IT professionals run into when justifying budgets, and offers five security principles that resonate with CEOs to help alleviate those problems, including:

1. Stay ahead of the curve on all issues that affect the ethical business practices of the company, even if the issues affect a small division in an emerging marketplace.
2. Reduce network security breaches and downtime from network failure to improve operational efficiency and save money.
3. Implement security programs that provide better control over assets and intellectual properties.
4. Reduce the risk of a security breach due to employee negligence or abuse.
5. Foster an ethical culture, from the boardroom down, which explicitly values and promotes actions that leave no room to compromise the company’s reputation.

To read Ponemon’s full article, click here: http://www.darwinmag.com/read/feature/column.html?ArticleID=1140