Security News > 2003 > July > Re: Calculating security ROI is tricky business

Forwarded from: Mark Bernard Dear Associates, In my opinion it gets down to mapping IT/IS annual goals and objectives to business goals and objectives. But if you ask a techie how fixing the firewall or a server will help the company improve profits you may be surprised at the answer you'll get. However its not really fair to blame the current problem on techies after all the are highly trained professionals and most of them do very good work. If you look closer however you see that the problem is with middle and senior IS/IT management. Most of these fellows have come up through the ranks and as all good organizations do, they promote from within. The problem is that these guys without the proper mentoring from the Executive group or Finance group don't have two clues about how to map IT/IS goals and objectives to organizational goals and objectives. As close as they get to managing the over all business is to take last years approved budget add a fudge factor and then create a new budget. This is a great process because it allows you to quickly get back to the things that you like to do and are comfortable with, instead of justifying why it is that you do these things. Ponder this if you will, if technology is the solution for business needs then what is the solution to technology needs? Regards, Mark E. S. Bernard, CISM. ----- Original Message ----- From: "InfoSec News" To: Sent: Tuesday, July 22, 2003 4:20 AM Subject: [ISN] Calculating security ROI is tricky business

News URL

http://www.computerworld.com/securitytopics/security/story/0,10801,83207,00.html