https://www.securitymagazine.com/articles/91648-a-framework-for-measuring-infosec-as-a-business-function

A FRAMEWORK FOR MEASURING INFOSEC AS A BUSINESS FUNCTION
In my December column, I ended with the observation that many CISOs struggle when it comes to first determining and then actually communicating the business value of the security options out there. Often, that failure stems from CISOs who lack a background in finance and economics, and their inability to couch security solutions in business terms can prevent the deployment of controls that improve security while using existing or fewer resources. Today, security practices are no longer a distasteful cost of doing business but rather an indispensable and inextricable aspect of advancing it, recognized as integral components of corporate governance and accountability. Yet the risk-adjusted costs of security investments are still poorly understood. Historically, it has been a challenge to accurately measure these expenditures and then assess them within the context of an organization’s overall risk management strategy.

JOHN MCCLURG