Skip to content

Security Program Justification (FTC v. ChoicePoint Inc. (2006))

Use this to justify the scope, resourcing, or structure of the security program; supports resource and organizational decisions.

Purpose

This justification explains why the scope and structure of the security program are necessary in response to FTC v. ChoicePoint Inc. (2006), including capability gaps, risk reduction targets, and resource implications. It supports executive and board approval of sustained program maturity efforts.

Hallucinated writing examples

Scenario: In an illustrative period following the FTC 2006 settlement and findings on fraudulent account onboarding (time), the Chief Information Security Officer (role) prepares a security program justification (type) for Chief Executive Officer, Board Audit Committee (audience).

SECURITY PROGRAM JUSTIFICATION

To: Chief Executive Officer, Board Audit Committee
From: Chief Information Security Officer
Date: March 31, 2006
Subject: Security Program Scope, Structure, and Resource Request — Subscriber Verification and Fraud Governance

Program Mission and Context: Program mission is to prevent unauthorized access to sensitive consumer data through robust subscriber verification, monitoring, and governance controls under the FTC settlement framework. Sustained program investment is required to maintain compliance and reduce fraud risk.

Scope and Current State: Scope includes subscriber onboarding controls, fraud analytics and investigation operations, entitlement governance, and annual assessment evidence readiness. Current resources support baseline operations but are strained under enforcement-driven expectations.

Gap Analysis and Recommendation: Gap analysis indicates insufficient surge capacity for fraud investigations, uneven verification depth in high-risk channels, and limited evidence management automation. Options considered: (1) Recommended—expand fraud and governance capacity with targeted tooling. (2) Minimal—maintain current state; rejected due to recurring risk and compliance exposure. (3) Broad outsourcing; rejected for accountability reasons. We request [X] FTE and [Y] budget with monthly compliance governance reporting.

Document-type guide: Security Program Justification

Writing tips: Writing best practices — Security Program Justification

© 2026 Yi Zhang. Licensed under the MIT License.
Last updated: 2026 April 17 9:37 AM