Skip Navigation LinksASIS International / Membership / Member Center / Security Spotlight / Business Case for Security

Business Case for Security

​​​​​​​​​​​​Industry speakers talk about the need for security managers to become a part of the C-suite. Authors write about methods for gathering security information in ways that business executives can understand. Career counselors advocate adding business courses to academic pursuits. So what is the payoff?

These ASIS resources provide specifics on how security managers have upgraded their operations so security has become part of top-level business decision making. The methods, industries, and departmental make-up may differ, but the result are the same: these security professionals have changed the view of security within their organizations and have become business enablers.

“If you think of security as nothing but a cost center,” said one speaker, “you need to get out of it.”

» View Past Security Spotlight Topics

 Login Required (Free)

Content requires free account.

Make Your Case
Security Management article

Planning and Budgeting (pdf)
Effective Security Management, 6th Edition, book chapter

Creating a Corporate Security Strategy Aligned with the Business Strategy
recording from ASIS Seminar 2014

 ASIS Members Only

Content requires ASIS Membership.

Statistics as a Security Management Tool (pdf)​
Effective Security Management, 6th Edition, book chapter

Making the Business Case for Security Investments
recording from ASIS Seminar 2014

Sources of Information on the ROI of Security (pdf) 
ASIS Library

Free Resources

Make Your Case
By Nathan Boberg, CPP, West Regional Security Manager, Progressive; and Keith Blakemore, CPP, Director-Corporate Security, WW Grainger.
Security Management, June 2014

The authors describe two corporate security risks: a request for capital to fund the installation of CCTV cameras in a high-risk location, and a fraud management solution related to corporate growth in e-commerce sales. In each instance, the security team developed a written business case, which was presented to the company’s senior management; both were approved. Most of the article is devoted to discussing the elements essential to a comprehensive business plan: the executive summary, project description, business impact, justification, cost-benefit analysis, alternatives and analysis, recommendations, and approvals. The authors emphasize:

  • A business case assists organizational stakeholders in making decisions on the viability of a project.
  • The business case should document all relevant information and link these points into a cohesive story.
  • In a metrics-focused business environment, security practitioners must be able to complete a quantitative analysis projecting potential losses and a cost benefit analysis over five years

Planning and Budgeting
Effective Security Management, 6th Edition
By Charles Sennewald (Butterworth-Heineman, 2015)

This detailed chapter uses examples to describe the intrinsic relationship between plans and budgets. A budget breathes life into a plan and gives the plan direction, Sennewald contends, and plans must be based on good judgment​ and good decision-making estimates about the future. In an optimal scenario, senior management initiates the process by establishing acceptable expenditure guidelines. Next, security managers submit courses of action, with costs, for achieving organizational goals. Senior management, then, makes decisions based on the security manager’s recommendations. A sample of key points:

  • Understanding the basics of budgeting provides a groundwork for sophistication and growth.
  • Projects will not exceed the planned costs if the budget is managed properly.
  • Budgets are based on intelligently anticipated and predictable conditions based on known conditions.

Creating a Corporate Security Strategy Aligned with the Business Strategy
Seminar Session 2014
Speaker: Malcolm Smith, CPP, Head of Group Security, Sasol Ltd.

A range of analytical tools can be used to align a credible security strategy with the organization’s goals. Understanding what the customer needs shapes the organization and aligns the business functions, including security, across the organization. In this scenario, security becomes an enabler, helping the organization meet its goals. To achieve this end, Smith presents analytical models that are encompassed within a strategic planning process, including a needs analysis, value chain analysis, and industry analysis. Among his key points are:

  • Security executives must be able to align technology, resources, and people to drive the execution of new strategies that are meaningful to the enterprise.
  • Providing statistical analysis with a security strategy provides believable information to executives and proves its conclusions.
  • Security managers are not in the business of security. Alignment means they look at where the business is headed, not just losses.

​​Members Only Resources

Statistics as a Security Management Tool By Karim Vellani, CPP
in Effective Security Management, 6th Edition
By Charles Sennewald (Butterworth Heineman, 2015)
(A new edition of this book will be available in September 2015)

Key metrics derived from statistics broaden management’s knowledge about the security operation and increase its effectiveness, writes Vellani. He provides substantives examples of what statistics are useful to a security manager and how to acquire the facts that lead to reliable metrics. Through gathering internal and external data into spreadsheets, both basic and advanced statistical analyses can be performed to meet the needs of the organization. Crime information and security reports also set the parameters for security surveys and risk assessments. Additional points from the chapter include:

  • Statistics and metrics should meet three criteria: availability, utility, and credibility.
  • Optimization is used by organizations operating in a dynamic environment to effectively manage risk.
  • Return on investment means security measures are either paying for themselves or adding to the bottom line.

Making the Business Case for Security Investments
Seminar Session 2014
Speakers: Gary Bald, Royal Caribbean Cruises, Ltd.; Bob Banerjee, NICE Systems; Michael Mason, Verison; Chris Swecker, Chris Swecker Enterprises.

“Think like the business leader you are,” says one speaker, all four of whom lead security organizations that are integral to their employer’s business strategies. While from diverse business sectors, they offer insights on how they have aligned their security operations with the core business. To get there, they have adopted methods that involve peers and executives in setting the security agenda. An example is a “crown jewel exercise,” in which executives are asked to rank the organization’s most important business assets, which helps they buy into the security solutions. Speakers emphasize the following:

  • Security has to be aligned with corporate priorities; if it’s not, it’s irrelevant.
  • By creating reliable intelligence, security becomes a trusted source of information.
  • When looking for a capital expenditure, get buy-in from peers; those dollars are going to come out of their budgets—there isn’t more money.
  • Explaining consequences to senior management helps them make decisions with “eyes wide open.”

Sources of Information on the ROI of Security
ASIS IRC Reference Guide

A comprehensive review of the many resources, research findings, Security Management articles, council papers and presentations, seminar session recordings, and books available through ASIS International.