Introduction to Return on Security Investment

As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention. So what is the right amount an organization should invest in protecting information?

Published
December 12, 2012
Language
English

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information