Make no mistake: just like watching a perfect ballet performance, success is attributed to the hard work done behind the scenes. Only the best are chosen. The same goes for preparing and submitting a security project business case.
Securing funding for a security project starts with a credible and comprehensive business case that not only justifies the need for the proposed project but also outlines how this investment will result in risk reduction, operational efficiency and optimization of existing resources while saving the business money.
To quote
Irfahn Khimji in his article,
Turning Data into Metrics:
“Next time you are building an executive metrics deck, keep this in mind: if they don’t understand how you are saving them money, they won’t give you money to fund your projects.”
To accomplish this, consider the following five tips:
1. Build your Team, delegate and watch the flowers grow
The first step is to assemble a winning team. Outline the project's success criteria, "needs" versus "wants," timeline and ultimate goal, as well as consider your existing environment, product integration capabilities and time management. Work from a universal document and schedule routine meetings and updates.
2. Know Both Sides of Your Pain
Know your company’s acceptable risk tolerance and the cost of not investing in reliable security tools. If your organization decides to not make the financial investments in foundational security solutions that provide an early alert of a breach or ease an audit and/or a failed audit, know the cost of the cleanup and have a fund set aside, for statistics show such an event will very likely occur.
According to the
2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute, there is a 26 percent chance of a breach happening over the next 24 months. Stats like that will improve your case. At the same time, know the upfront and future costs and advantages of investing in foundational security solutions that provide deep visibility and quality reporting.
3. Think Big-Rock the ROI
How much will your organization save over the next five years if you invest in automated security solutions today? And to define "save" we are talking more than dollars and cents. It is the cost of buying a solution in today’s dollars versus tomorrow's; it’s the productivity and advancement employees lost because they were saddled with manual work that could have been done by automated technology that improves operational efficiency. Or it's the risk of losing those employees to other companies that offer them more rewarding work and opportunities to innovate.
4. Prove it in words they understand
Through your business case proposal, use the language and terms of your audience to outline the evidence and value of why this proposal is a winner.
5. Ask for what you need
Don’t hesitate to stand your ground on asking for a specific solution and backing up the cost. Show how this project weighs against past projects that did not deliver. Do not hesitate to show that you have left no stone unturned and that higher dollar upfront will render far more benefit then the initial cost.
Conclusion
In summary, before you put on your dance tights and expect success, be sure you have done the hard work behind the scenes. Build your team and delegate the groundwork. Know your company’s risk tolerance and weigh that against the long- and short-term impact costs of a breach versus the cost of your proposed security investment. Show that your proposal is written in your audience’s language. Convey that this proposal is concise and will provide real savings.
And finally, do not allow this project to be underfunded. Standing up for what you need is key to greater security, as well as money well spent on an investment in your organization's future that will pay for years to come.
