At a recent seminar on information security management, I heard that FUD (fear, uncertainty and doubt) is dead, that ROI is dead and that the insurance model is dead. Information security needs to give business value. This sounds like a terrific idea, but the lecturer was unable to provide a concrete example similar to purchasing justifications that companies use like: "Yes, we will buy this machine because it makes twice as many diamond rings per hour and we'll be able corner the Valentine's Day market in North America."

The seminar left me with a feeling of frustration of a reality far removed from management theory. Intel co-founder Andy Grove said, "A little fear in an organization is a good thing." So FUD apparently isn't dead.

This article will help guide Computerworld readers from a current state of reaction and acquisition to a target state of business value and justification for information security, providing both food for thought and practical ideas for implementation.

The link for this article located at ComputerWorld.com is no longer available.