ISC Best Practices for Making a Business Case for Security
Increasingly complex security challenges and a dynamic threat environment necessitate the requirement for a strong and agile security planning, programming and budgeting process. To that end, this publication assists security professionals in constructing a decision-making process or rationale for proceeding with a security project or security program, completing a benefit-cost analysis (BCA) to support spending decisions, applying these concepts to the ISC Risk Management Process, and measuring success.