You are here

Guide to Making a Business Case for Security

Guide to Making a Business Case for Security

Created: Tuesday, February 21, 2023 - 12:47
Categories:
General Security and Resilience, Security Preparedness

Could your utility use assistance developing a decision-making process or rationale for proceeding with a security project or program? If so, the newly released Making a Business Case for Security from the CISA-led Interagency Security Committee (ISC) can help.

As the guide notes, “The cost to recover from a security incident may be more expensive than the cost of preventing such events.” Security managers are already well aware of this, but quantifying and justifying the value of security expenditures can still be challenging, especially when budgets are highly constrained. Included in the steps for building a case for security are establishing a security project team, conducting a risk assessment, and developing a benefit-cost analysis, among others. While the guide is intended foremost for federal buildings and facilities, it can still be put to effective use by security managers in other levels of government and in the private sector. The discussion of developing a benefit-cost analysis, for example, incorporates a methodology from the Office of Management and Budget (OMB). The nine steps outlined in the methodology can still generally be used by any organization. To help explain and these and other best practices, the guide weaves in numerous case studies. It also includes links to many other resources. Access the guide below and at CISA.