Justifying Security to Management Term Paper

Justifying Security in the Business World Today

Having a good security policy, from screening prospective employees to protecting vital corporate data, can be costly for a company. But good security acts like an insurance policy. Ideally, a company does not want to have to use the full capacities of its security system. But if a security system is not present, then complications, when they do arise, can be disastrous to the immediate health and welfare of employees and the long-term future of the company. Thus, security personnel who are selling security systems, devices, technology, or services to a company often find themselves in the unenviable position of a life insurance salesman or woman -- they have to convince a company that the initial cost is justified, because of the risks that lie ahead if the investment is not made in the here and now, and they have to bring up the difficult and thorny issues of possible losses if the systems are not implemented.

How Security Systems are Effective in Generating Profits

Security investments may seem like costs initially, rather than areas of profits because the benefits of security are not immediately tangible, or calculable. But individuals are more willing to invest in companies that have secure systems in terms of auditing and information protection. A consumer is more likely to make use of a credit card from a company with a documented security policy. An employee is more likely to stay at a company where he or she feels safe and secure, working late at night.Investors are more likely to part with their immediate cash, if they feel standard procedures in accounting are openly obeyed, when the company is calculating how the corporate finances are allocated.

Preventing Losses

Another way to justify the costs of security to management is loss prevention or mitigation and what is also called 'risk management.' In planning for the unexpected, companies have to weigh the risk vs. The cost of a contingency plan. When marketing security, the speaker must communicate a clear business case for investments in security, present the strategy in cost-effective language and layperson's terms. (Flynn, 2005) Robert Austin (2005) suggests putting high-tech language in this simple financial scenario on a personal level: if you knew "affordable lock technologies that provide better protection were available" for your home, and neighbors were being burgled in your area, would you consider it a savings not to make such an investment? Of course not, although a surprisingly large number of companies don't think the security of their IT infrastructure is all that important, as evidenced by the "48% of companies stringently control the applications that are installed on corporate computers." (Austin, 2005)

Austin states that such this kind of sloppiness in security "should be no more acceptable to responsible companies than is sloppiness in tracking inventory or cash in a company's bank account. When we stop thinking about information….....