Information Security can be similar to insurance … it’s only discussed when bad things happen and it’s rarely a revenue generating center. So how does one show return on investment? I was recently asked to do just that by participating in a presentation to our Board of Directors. Senior management wanted to show off the new security operation center and the SOC team to the board. My first thought was: <sarcasm>That is a great idea … they can walk through a SOC and see all the “Security Bling” screens on the wall.</sarcasm> But after brain storming with the team, we actually came up with a great idea that I will be writing about over the next several weeks.
How often have you had to argue or prove the value of your Information Security program to management? Here is an innovative way to do just that (without arguing).