Introduction to Viruses
Defining the Value of Information Security
Whether a large corporation or small, it's essential to keep the message simple, especially when first introducing the idea of Information Security to Senior Management. "A picture is worth a thousand words," says Crutchley. "If you can help the CEO to visualize ISO17799 you've accomplished the task."
Information Security is NOT insurance. It's a business principle. It's an art. If the company understands that, then whether Information Security does or does not produce a return on investment is no longer important. What is important is that the company's information system is indeed as secure as it can get.
From: Indiana Information Security Web - http://www.iisw.cerias.purdue.edu/business_industry/defining_value.php
