***** The Business Case for Network Security: Advocacy, Governance, and ROI. By Catherine Paquet and Warren Saxe; published by Cisco Press, www.ciscopress.com (Web); 408 pages; $39.95.
Convincing executive management of the merits of a stable and secure network infrastructure is a difficult and ongoing battle for IT managers. The battle intensifies when it comes time to fund network security initiatives. IT managers must become adept advocates for such programs, so they must be proficient at demonstrating that network security is a crucial concern and that spending is necessary. A good companion for this task is The Business Case for Network Security, which helps IT security professionals assess their organization’s risks and quantify costs and cost savings related to investments in network security.
Authors Catherine Paquet and Warren Saxe offer excellent direction for creating and delivering a security proposal to executive management. Readers learn to use established financial-analysis methods such as net present value, internal rate of return, and payback period, and they are introduced to a concept developed by the authors—return on prevention, a tool used to determine the value of a proposed security expenditure.
By educating readers on these concepts, the authors make their audience more fluent in the language of business leaders. The authors’ solid framework for creating a policy-and-procedure-based structure for network security and their adept presentation of material make this book valuable for IT managers, security practitioners, and consultants alike.
Reviewer: Nick Vellani, CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), is a senior associate in the Business Advisory Services/Technical Risk Management Practice at accounting firm Grant Thornton in Houston. He holds an MBA from Houston Baptist University.