Allocating the proper budget for Information Security (IS) and ensuring that the right IS projects are funded can be a challenging task for CIOs. Unlike other information technology projects, the benefits brought on by those that are IS focused are generally not immediately obvious. By the time it does become obvious, serious damage may have already been done, not only to the integrity of the organization’s information system but also to its business reputation.