Step 1: Define the Security Initiative
- Clearly outline the security measure (e.g., tool implementation, policy change, training program, infrastructure improvement).
- Identify the primary security risks it addresses.
- Establish the intended business impact (e.g., risk reduction, compliance improvement, efficiency gains).

Step 2: Scoring Criteria
Use the Smart calculator below to analyse the investment score.
- Score each criterion from 1 to 3 and apply weights.
- Total Score = (Sum of Weighted Scores)
- Decision Guide:
  - ≥ 2.5 → GO (Strong ROI, security and business value align).
  - 1.5 - 2.4 → Review Further (Reassess costs, scope, or alternatives).
  - < 1.5 → NO GO (Low ROI, high disruption, weak risk mitigation).

Step 3: Additional Considerations
- Urgency: Does the investment address an immediate risk or incident?
- Alternatives: Are there cheaper/better alternatives?
- Strategic Fit: Does it align with security and business roadmaps?





