Check out some of the tips in this <a href=”http://lmgtfy.com/?q=rosi+security”>Google search on ROSI security</a> – ROSI: return on security investment.
Making the pitch for a security product is doomed to fail. Instead, make the pitch based on:
Every hour our web site is not available means we miss such-and-such revenue. This investment increases availability some percent. This investment actually saves us money.
Or something along those lines.
Lost unencrypted “data at rest” examples are always in the news. The figures for penalties are easy to find.
You could be making the pitch for a product that keeps people from accidentally or intentionally corrupting data. Management can relate to keeping accurate records.
If you can make the pitch:
- based on availability, confidentiality or integrity (or some combination thereof) and
- include supportable figures and
- make the pitch without using the word “security”
you’ll stand a good chance of being heard. If you can’t, then you probably shouldn’t.