Financial Gains of Cyber Security
Assessing the cost-effectiveness of CERTs should take into account the beneficial actions that CERTs achieve by contributing to detect, handle, recover from and deter incidents early and efficiently. Thus, security is not usually seen as an investment that provides profit, but rather loss prevention.
The FIRST Metrics SIG (Forum for Incident Response and Security Teams) is working to improve the metrics and evaluation methods for internal evaluation of CERTs and address the topic of cost of incidents and return on security investment.
Interesting questions: What is the right amount an organization should invest in protecting information? Is an organisation paying too much for its security?
For the full Report: Return On Security Investment
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!