Comments on: Selling data security to the CEO http://www.controlpolicy.com/2009/07/selling-data-security-to-the-ceo/ Data security the way you run your business Fri, 06 Nov 2009 11:38:43 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Neil Greenberg http://www.controlpolicy.com/2009/07/selling-data-security-to-the-ceo/comment-page-1/#comment-79 Neil Greenberg Thu, 17 Sep 2009 16:57:07 +0000 http://www.controlpolicy.com/?p=424#comment-79 To those who are "selling" security to organizations, need to frame the pitch in a value proposition context. The easiest way is to be able to answer the following questions: 1. How will this project / initiative increase the income of the organization? 2. How will this project / initiative decrease costs to the organization? 3. How will the risk be reduced to the organization? It takes a solid answer to either 1 or 2 along with demonstration of the answer to number 3 for a project to be sold. If you can show value to all 3, it becomes a "no brainer" for executives to approve and support. Using the threat modeling is the appropriate way to develop a response the third question. The sales team of an organization would be the source of how much additional revenue could / would be generated with the IT department being the source for how costs will be cut. Past experience has shown that if you do not have a simple, understandable, value proposition for what you are selling, you are just setting yourself up for failure. I would love to hear from others their perspective on this point of view. To those who are “selling” security to organizations, need to frame the pitch in a value proposition context.

The easiest way is to be able to answer the following questions:
1. How will this project / initiative increase the income of the organization?
2. How will this project / initiative decrease costs to the organization?
3. How will the risk be reduced to the organization?

It takes a solid answer to either 1 or 2 along with demonstration of the answer to number 3 for a project to be sold. If you can show value to all 3, it becomes a “no brainer” for executives to approve and support.

Using the threat modeling is the appropriate way to develop a response the third question. The sales team of an organization would be the source of how much additional revenue could / would be generated with the IT department being the source for how costs will be cut.

Past experience has shown that if you do not have a simple, understandable, value proposition for what you are selling, you are just setting yourself up for failure.

I would love to hear from others their perspective on this point of view.

]]>