Introduction to Return on Security Investment

As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention. So what is the right amount an organization should invest in protecting information?

Published: December 12, 2012
Language: English

Recommended publications

Best Practices for Cyber Crisis Management

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale...

Published on February 28, 2024
ENISA CSIRT Maturity Framework - Updated and improved

Published on February 23, 2022
ENISA CSIRT maturity assessment model

Published on April 30, 2019
ENISA Maturity Evaluation Methodology for CSIRTs

Published on April 09, 2019