Once we have worked with the business to determine the level
            of availability the company requires, and we have examined the
            level of accessibility we are currently providing. We know
            whether or not we are meeting business requirements.

            Remember, it does not matter what level of availability we want
            to give them - we are responsible for providing the level of
            service they demand. Once we know what we are offering, then
            we can develop the plan and strategy to address any gaps or
            shortcomings. However, more than once, when the IT security
            department measured the level of availability that they were
            providing, it was already more than the level of accessibility the
            business really required! This is a tangible benefit of measuring
            what security is - and the benefits it provides. For the first time,
            the company may realize that security is providing a measurable
            result and benefit by ensuring that critical systems are up and
            operating as required. This is a perception that is opposite to the