Investing in Security for ROI?
ENISA's new report "Return On Security Investment" initiates a discussion among the ‘Digital Fire Brigades’, or Computer Emergency Response Teams (CERTs), on creating the basic tools and best practices to calculate their Return on Security Investment (ROSI). The calculation can also operate as a tool to justify their business need and existence through their financial added value.
Published on December 12, 2012
Financial Gains of Cyber Security
Assessing the cost-effectiveness of CERTs should take into account the beneficial actions that CERTs achieve by helping to detect, handle, recover from and deter incidents early and efficiently. Thus, security is not usually seen as an investment that provides profit, but rather as loss prevention.
Security Metrics
The FIRST (Forum for Incident Response and Security Teams) Metrics SIG is working to improve the metrics and evaluation methods for internal evaluation of CERTs and to address the topic of cost of incidents and return on security investment.
Interesting questions: What is the right amount an organisation should invest in protecting information? Is an organisation paying too much for its security?
For the full Report: Return On Security Investment