The Challenge: Having a good business case is critical to ensuring that a security project not only gets the buy-in and funding to go forward, but also is attuned to an organization’s key business drivers and requirements. However, writing business cases for the many security projects with no direct linkage to a revenue-producing outcome can be challenging.
Our Solution: Security Architects Partners can help you build your difficult security business cases. Our basic methodology calculates “return on security investment” as follows:
- Estimate the financial impact and likelihood of expected losses from risks to be covered by a project
- Rank the best available risk mitigation strategies (or alternative sets of controls) by their ability to reduce the impact and likelihood of loss
- Estimate the capital costs, levels of effort and other costs of each strategy
- Analyze the costs and benefits of the strategies against a set of scenario-based assumptions to recommend and drill deeper into the optimal approach
We can employ the open Factor Analysis of Information Risk (FAIR) quantitative methodology, or other methodologies that are in use at client organizations or otherwise fit for purpose. Business cases also benefit from our project planning expertise: each identifies scope, milestones, critical success factors, dependencies and risks for the project. Upon delivery, we will also help present and justify the business case to senior management.
Benefits: With a Security Architects Partners business case, clients will be starting off on the right foot with their important security projects. Well-justified projects will have good rough-order-of-magnitude cost, effort and schedule estimates, team consensus, management buy-in and workable delivery plans. These projects are likely to succeed and reduce operational, compliance and other risks and costs for the organization.