The Business Justification for Data Security

It bears mention that, for reasons we'll explain in the following sections, we consider it impossible to rely completely on quantitative justifications, but we will show you how to combine quantitative and qualitative factors to make informed risk management decisions. We won't discuss specific technologies except as examples, but will instead focus on business aspects you can use in your discussions with management. Also, this isn't a generic model to justify any security spending - instead we'll focus specifically on information valuation and data security. All subsequent reviews of information valuation, risk and loss assessment, and positive benefits such as reduced TCO or audit costs come from this data-centric analysis. Our goal is to give you the tools you need to evaluate your situation and determine if the risks you face warrant spending on security.