Re: Business Case

[Christian_Moldes () hotmail com]

Some resources that may be useful are:

THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI
Cisco Press, ISBN : 1-58720-121-6 


The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program, Second 
Edition
Butterworth Heinemann, ISBN: 0750676566


Surviving Security: How to Integrate People, Process, and Technology, Second Edition
Auerbach Publications, ISBN: 0849320429


If I were you I will start with security awareness
providing semi-daily security news regarding security incidents: breachs, defaced websites, hacked companies, etc. 

I also will look for help in the upper management to be the project owner of the security initiatives. Having support 
and enforcement from the upper management is critical. How do you get that, use security awareness.

Best regards,

Christian J. Moldes
CISM, CISSP, CISA, MCSE:Security, CCNA, PCI QSA
ISMS Lead Auditor (ISO 27001:2005)