In a global information society, where information travels through cyberspace on a routine basis, the significance of information is widely accepted. In addition, information and the information systems and communications that deliver the information are truly pervasive throughout organizations—from the user's platform to local and wide area networks to servers to mainframe computers.
The Business Case for Information Security
There are four reasons to implement Information Security:
Ø1. Sound management
2. ØSound economics Ø
3. Sound customer service
Ø4. Sound legal protection
It is sound management: It reduces your risk and allows you to do more business in a safer environment
Conditions for sound management decisions
•:: Security should support your organization’s mission
•:: Security should be cost-effective (but it does cost)
•:: Security should be an integral element of a management plan
•It is sound economics: it keeps you from losing money and protects your profits.
:: How do you measure that in terms of security?
:: How much could it cost you to ignore Information Security?
:: Think of the business operations loss
:: Think of the data loss, Cost to re-create data
:: Think of Cost to eradicate viruses, rebuild computers...
:: Think of your liability, loss of customers, reputation
Your investment in security will keep your operating risk from becoming too high.
Executive management has a responsibility to ensure that the organization provides all users with a secure information systems environment. Sound security is fundamental to achieving this assurance. Furthermore, there is a need for organisations to protect themselves against the risks inherent with the use of information systems while simultaneously recognizing the benefits that can accrue from having secure information systems.
Security failures may result in both financial losses and/or intangible losses such as unauthorized disclosure of competitive or sensitive information.