17 - Potential benefits

Abstract

Numerous potential benefits are available from building converged security processes and adopting an enterprise-wide view for addressing security risk. Benefits can be categorized as originating from three broad categories: risk factors, business process factors, and human factors. Risk factors can be defined as benefits that are delivered from risk mitigation, such as reduced liability, or increased compliance with governing legislation. A converged risk assessment methodology may be employed in both IT and physical applications. The converged risk assessment methodology evaluates both IT and physical issues in each application; therefore, risk is assessed more often and the potential exists to identify and mitigate vulnerabilities earlier. One common attribute of converged security organizations is the delivery of cumulative security risk reports to senior management in a comprehensive or amalgamated form. A better-informed executive group might be inclined to approve extra security programs or allocate additional budget funds to security programs due to their fuller understanding of security risks. Business process factors relate to benefits derived from cost savings, increased operational efficiency or business value, or reduction of the business process life cycle duration. Human factors can be described as benefits obtained from human interaction, including increased security awareness or improved morale or security department image and reputation.