Having a good business case is critical to ensuring that a security project not only gets the buy-in and funding to go forward, but is also attuned to an organization’s key business drivers and requirements.
We can help you make your difficult security business cases. Our basic methodology calculates “return on security investment” as follows:
- Estimate the impact and probable frequency of expected losses from risks to be covered by a project
- Rank the best available risk management strategies (or alternative sets of controls) by their ability to reduce the impact and frequency of loss
- Estimate the capital costs, levels of effort and other costs of each strategy
- Analyze the costs and benefits of the strategies against a set of scenario-based assumptions to recommend and drill deeper into the optimal approach
We can employ the open Factor Analysis of Information Risk (FAIR) quantitative methodology or other methodologies in use at client organizations or otherwise fit for purpose. Business cases also benefit from our project planning expertise – each identifies scope, milestones, critical success factors, dependencies and risks for the project. Upon delivery we will also help present and justify the business case to senior management and other stakeholders.
At the end of the engagement, you’ll have well-justified projects with rough order of magnitude cost, effort and schedule estimates. This facilitates team consensus, management buy-in and workable delivery plans. These projects are likely to succeed and reduce operational, compliance, and other risks or costs to the organization.
For more information on how our Business Case Development service can help you gain stakeholder buy-in: