There are times where an organization can obtain business by having a certain level of compliance that it could not otherwise have.
But yes, it is true that increasing revenue is not one of the primary goals of information security. -ASB: http://XeeSM.com/AndrewBaker On Fri, Oct 30, 2009 at 10:36 AM, Erik Goldoff <[email protected]> wrote: > " If made a part of a larger business strategy, it can also contribute > positively to revenue, ... " > I think that's up for debate, especially based on perspective ... It can > protect the mechanisms that support a revenue stream, but I think there are > very few cases for non-IT companies where InfoSec can actually *add* to the > revenue stream. It's normally a part of the fixed overhead cost. > > If your company makes widgets, you can show that x dollars of raw materials > and y dollars of labor cost contribute to revenue of y dollars when the > widget sell. There is a direct relation to the cost of raw material > required to produce the widget, as well as the time it takes to convert that > raw material to a widget > > They only really see the value after the fact, when they see what has > actually been lost by NOT implementing proper security proactively. > > Erik Goldoff > > *IT Consultant* > > *Systems, Networks, & Security * > > > ------------------------------ > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Friday, October 30, 2009 9:47 AM > > *To:* NT System Admin Issues > *Subject:* Re: Ransomware > > Definitely... And that is short-sighted. > > Because it shows a distinct lack of understanding about Information > Security. InfoSec is about risk mitigation and revenue *protection*. If > made a part of a larger business strategy, it can also contribute positively > to revenue, but that is not it's primary goal. > > The alarm system on your car does not make it faster, more gas efficient or > more comfortable, but it helps to ensure that you have the use of your car > for a longer period of time. > > *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > *Providing Competitive Advantage through Effective IT Leadership* > > > > On Fri, Oct 30, 2009 at 8:43 AM, Erik Goldoff <[email protected]> wrote: > >> a LOT of it comes back to budget ... the decision makers are loathe to >> include budget for *anything* that does not generate revenue, and work >> towards reducing fixed overhead costs. >> >> Erik Goldoff >> >> *IT Consultant* >> >> *Systems, Networks, & Security * >> >> >> ------------------------------ >> *From:* Marc Maiffret [mailto:[email protected]] >> *Sent:* Thursday, October 29, 2009 8:28 PM >> *To:* NT System Admin Issues >> *Subject:* Re: Ransomware >> >> Another on the list of reasons of why it drives me insane that so many >> companies still sit around saying the same thing year after year: >> >> Why would anyone come after me? I am joe small business in joe small town. >> I am not wells fargo. >> I have never had an incident before beyond the normal spyware and such. >> >> Questions and comments which are so easily slain as are the servers and >> workstations of the people whom make them. >> >> Two types of people call by company, the ones whom are looking to be >> proactive and avoid the pain of what a breach can turn into and the ones >> whom thought like the people above whom now are looking for people to help >> clean up the mess. >> >> -Marc Maiffret >> www.marcmaiffret.com >> >> On Wed, Oct 28, 2009 at 12:05 PM, Roger Wright <[email protected]> wrote: >> >>> Spyware, Malware, Scareware, etc.... now we have Ransomware. >>> >>> http://blogs.zdnet.com/security/?p=4748 >>> >>> >>> Roger Wright >>> ___ >>> >>> Sent from Tampa, FL, United States >>> >>> >>> >>> >>> >>> >> >> >> >> >> >> >> >> >> > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
