The two things that are most often overlooked by security professionals are gaining management support and the acquisition of budget resources. In most environments, money is in scarce supply, while the demands on that money are not. As a security professional, you have to demonstrate the value of good security practices and resources in order to acquire more money. To do this, you must communicate the need for your security programs and projects to management by showing returns on investment, and you must involve management in a successful security program. You need to do the following immediately to ensure a successful security program:
Obtain management support
Perform a risk assessment
Determine return on investment