Security management literature gives considerable attention to the process of justifying security-related decisions in the context of an organization. This process is widely assumed to be subject to management considerations and obtained by means of managerial techniques. The process often is related to a financial comparison of a given security initiative before and after its implementation. However, the application of this paradigm might raise issues of knowledge, rationality, and reliability, thus raising the possibility of weaknesses in matters of blame and liability. The justification process described in the literature does not ensure the objectivity and reliability it claims. The problems rest in the ignorance of the procedure’s limits and in its application to contexts where it could be misleading or dangerous, not in the procedure itself. Issues deserving further debate and research include whether the economic dimension is the only dimension in security, how to measure the dimensions not reducible to monetary values, and several others. A security decision making process must be clear and verifiable from the statement of goals and objectives to the statement of the criteria and value units, and the choice of the methodology for measurement and validation. 47 reference notes (Author abstract modified)