In today’s business environment it is difficult to obtain senior management approval for
the expenditure of valuable resources to “guarantee “that a potentially disastrous event will not occur
that could affect the organisation performance. Analysing potential risk and the allocation of
resources for computer network security and business continuity require strategic, long-term
planning. Most companies tend to be reactive and respond with quick infrastructure solutions. A
strategic approach to computer network security leads to a more efficient plan and a less expensive
risk-management strategy. Financial modelling is a fundamental component of all business
investment cases. IT security investment proposals have unique qualities that can pose expenditure
justification challenges. This paper aims to explore various financial models and to develop one that
IT managers can effectively use to support their business cases