xviii ◾ Ofﬁce Memorandum
going for gold when silver will do, and I must admit I have some sympathy
for that viewpoint. However, if you give me the ammunition for a robust
response, that will help immensely in terms of deﬂecting some of the pressure
to other cost centers.
c. If budget cuts are necessary (which looks increasingly likely), in which areas
can we safely trim back on security spending without jeopardizing the excel-
lent progress we have already made? I appreciate that you are reluctant even
to entertain the possibility, but I’m sure you will agree that it is better for us
to be prepared for this eventuality and deal with it rationally now than to
have it imposed upon us later in the process. I should point out that informa-
tion security is not being singled out for this. We all share the pain of these
economically challenging times.
Looking forward maybe three to ﬁve years, can you give us a clearer picture of
how the information security management system will pan out? e board and the
executive managers are understandably concerned about their personal liabilities if
we should fail in our compliance and governance obligations.