Today many CIO’s are witnessing their Information Security budgets being slashed, their projects being postponed, and their IT departmental employee levels being down-sized.

Beyond the pressures of our economic downturn, we believe that too many CIO’s are still struggling to articulate the real and measurable value of their security programs and thus better justify their information  security budgets to their Board of Directors or executive managment leaders in charge of risk management.  Too often the reason for that struggle is that not enough attention is being paid to communicate real value and measurable dollars in those presentations to upper management.  

A recent article written by Khalid Kark, a contributing writer to Computerworld, offers a way for those CIO’s to make a better business case presentation to their executive risk management teams, and, also other senior level executives and directors.  Depending on the particular needs, this article offers a detailed discussion and value-added approach to five (5) categories that make the case for continued investment in an organization’s information security program(s) — e.g. revenue, reputation, regulation, resilience and recession.

Click here to read more …….

One of the risk management components in a business continuity plan that is often overlooked for compliance requirement review is the organization’s sponsored website.  Many companies simply do not realize their potential exposure to legal liability in this area and the question can be asked “why is that so?” 

This question is answered in an article recently posted in ArticleSpan and is recommended reading to give risk managers keen insight to reducing this liability in their organization.  In addition, sixteen (16) high risk activities that indicate the need for website legal compliance are clearly stated for consideration and testing your organization’s vulnerability to this risk.

Click here to read this article.