Navigating Risk — The Business Case for Security
Thomas E. Cavanagh
Security directors are often lonely, politically isolated in companies where the most influential executives seem the least supportive of security concerns. These directors can find allies in risk-oriented officers such as risk managers, compliance officers, and chief information officers. Metrics such as vulnerability assessments and the cost of business interruption can help make the case, as can aligning security with business objectives and strategy as well as compliance and certification.