Introduction to Viruses
Defining the Value of Information Security
The way to secure an organization, independent of any technology, any policy, any service or system, is to get the CEO, the CFO, and the Business Owner to buy INTO, rather than just buy, Information Security. The Information Security Process must be viewed in the same way as Employee Morale or Data Integrity or Teamwork or, yes, even Customer Service! It should be valued as an integrated business process.
CEOs must value security not from the numerical perspective, but from the principled perspective. Who wouldn't want to protect customer records? Who wouldn't want to make sure that company secrets remain secret? Who wouldn't want to ensure that Georgia the Geek doesn't know how much Paula the President takes home to her family? Just as the CEO automatically connects employee morale with its impact on customer service, the connection needs to be made between Information Security and its impact on other business processes.
When's the last time you heard a CEO ask, "What Return on Investment do I get when I invest in Customer Service?" If we really do want to increase the value of information security in the workplace, we must get the CEO, the CFO, and the Business Owner to value the principle of good security.
From: Indiana Information Security Web - http://www.iisw.cerias.purdue.edu/business_industry/defining_value.php