Jeremiah Grossman on Justifying Security Spending
I liked the way Jeremiah Grossman listed five ways to justify security spending:
1) Risk Mitigation
"If we spend $X on Y, we’ll reduce the risk of loss of $A by B%."
2) Due Diligence
"We must spend $X on Y because it’s an industry best-practice."
3) Incident Response
"We must spend $X on Y so that Z never happens again."
4) Regulatory Compliance
"We must spend $X on Y because PCI-DSS says so."
5) Competitive Advantage
"We must spend $X on Y to make the customer happy."
Jeremiah expands on each in his blog, which makes for good reading.