I spoke at an excellent CIO Security Forum put on the the St. Louis Chapter of the Association of IT Professionals on Saturday and learned tons of great stuff from the other panelists and audience.
One of the big issues raised was how to calculate return on investment for security efforts in order to sell security projects to management.
CFO magazine has a comprehensive discussion of this issue in an article called “Gremlin in the Works,” which is as good a starting point on this issue as I’ve seen.
Here’s the abstract:
“It’s almost impossible to figure ROI for information security investments. But as supply chains become more complex and business partners become more connected, IT security is increasingly the concern of the CFO.”