Follow us on LinkedIn and Twitter

Our Security Philosophy

Information security is NOT a technical issue — it's a business issue.

Botz & Associates advocates information security technology only as a tool to make your business more successful.

That’s why we always follow our Enterprise-Wide Security Management Process. It focuses on business objectives first, followed by technical feasibility, cost-effectiveness and low-impact implementation.

The Botz business-based process prevents the most common pitfall in managing security: Technical people making purely technical decisions about purely business issues, for purely technical reasons.

Our customers hear us talk about the full cost of security a lot. Effective information security means spending the least amount necessary to mitigate business risk to a level acceptable to senior management. When evaluating a new security initiative, you should never spend more than (the cost of an exposure) x (the probability of that exposure).

A True Business Approach

"Secure" doesn't mean your business assets cannot be lost or stolen. It means that you are able to control, to a suitable degree, who uses which assets for which purposes and/or to detect when a person uses an asset in an unauthorized way.

From a technical implementation view, our objective is to open up the system to authorized people while at the same time ensuring it is closed to unauthorized people. In addition, the changes we make to achieve that goal should cause minimal or no change to the end user experience.

How effectively you have secured your business assets can only be measured by comparing how well your IT environment enforces required behavior and prevents or detects prohibited behavior compared to rules defined for business assets.


Read more about Botz & Associates >


“I have had the pleasure to work with Pat on a number of occasions. In addition to his dedication and expertise, Pat combines two very unique talents:

1) His ability to simplify technically complex
    issues; and
2) His approach to balance technical
    challenges and business risks.

Pat does not simply look for how technology and processes can be implemented to solve issues, but rather learns how customers operate, identifies their specific security objectives, and strives to build long-term relationships.”

— Jack McAfee, Botz & Associates client