Benefit Analysis

Last updated on 2025-08-11

Estimated time: 5 minutes

Overview

Questions

  • How do you communicate about threats?
  • How do you justify which threats to address?

Objectives

  • By completing this activity, you should be more knowledgeable about how to communicate with management and decision makers about threats.

Introduction


By this point, your group should have a risk-impact grid populated with the threats that your group came up with.

Single group workshops: Now you are going to choose 2-3 threats that you want to discuss.

Multi-group workshops: Now you are going to choose one threat that you want to discuss.

Your new mission is to make a case to Product Management to address the threat, using the board to explain your conclusions. This requires two things:

  • A way to address the threat (a ‘mitigation’, in security jargon), ideally with an idea of the effort required, or a means to discover what effort is required. This only needs to be a rough sketch.
  • The positive benefit to the organisation of addressing the threat. This often requires some ingenuity.

Discussion

Multi-group workshops: Select one person to present your findings to all of the groups.

Post-Workshop Survey


Checklist

SMART:

  • S: Specific
  • M: Measurable
  • A: Achievable
  • R: Realistic
  • T: Timely

Please take the remaining time to fill out the post-workshop survey.

If you would like to add a post-workshop survey, I recommend adding a QR Code (if in person) or a link here (if online).

LINK

At the end of the survey, it will ask you to write a letter to your future self on what kind of changes you plan to make to your work processes in response to this workshop. When writing this letter, consider writing SMART objectives.

Key Points

  • Information on a threat’s likelihood, impact, and cost to address is required to make informed decisions on which threats should be addressed.