“So, are you ready to make this investment in the security of your data?”  As the salesperson pushes a proposal for a new data center fire suppression system across the table, you question whether the $50,000 investment is warranted.

Many technology professionals make risk mitigation decisions based upon instinct and anecdote, sometimes leading to overly conservative approaches due to a fear of underinvesting in critical technology protections.  The use of quantitative risk management techniques can provide a dollars-and-cents basis for making these decisions and explaining the rationale to non-technical managers.