
A guide to monetizing risks for security spending decisions

Curt Dalton | April 7, 2015
Security executives routinely have to make tough decisions about which risks to mitigate, which to avoid or transfer and which to accept. Your security budget has its limits. You have a finite amount of cash to spend on people and technologies to keep your business' risk to an acceptable level, so you have to make your decisions wisely.

If you therefore choose to mitigate this particular risk, you should spend no more than approximately $388K. Based upon your desired risk appetite, the following (fig. 8) illustrates when you should mitigate a risk versus when you should choose other risk options. Increasing the slope of the line indicates that your risk appetite is lower, since mitigation occurs more often. Decreasing the slope of the line indicates a higher risk appetite, since you mitigate less often. If you think about past 'risk appetite measurements' and where risk decisions fell on the graph historically, the business intelligence this data provides is both interesting and valuable.


Making a decision to mitigate or manage a key risk can be difficult. Risk mitigations must be right-sized for your business by not costing too much or taking too long to implement.

By monetizing key risks, you will be able to convey impact in a more meaningful way. When you provide consistent and methodical risk guidance, executives will be able to collaborate with you more effectively to improve alignment between business objectives and security.

